FortiGate captive portal with FortiAuthenticator - howto?

2020/05/27 19:19:05

Hi there,
We have a single FortiGate with one interface operating as a wired captive portal for guest internet (this is not wifi). We use the guest admin (the receptionist) to provision accounts for guests.
It works well, but now we have introduced a 2nd FortiGate at a separate site, and would like to have a single user across both sites.
We also have FortiAuthenticator. We are wondering if/how we can set the Guest Portal on the FortiAuthenticator, and configure the FortiGate to use an "External" captive portal.
I'm sure this is possible, but all the cookbook documentation is either old, or for captive portal wifi only. Does anyone have a step by step to do this? We are running FortiGate 6.2 and FortiAuthenticator 6.0.
Can anyone help?

    Re: FortiGate captive portal with FortiAuthenticator - howto? 2020/06/01 04:39:25
    How about this way: you need to invest a little bit of effort, but a raw skeleton might look like this:
    step 1 - on FortiGate (FGT hereinafter) set FortiAuthenticator (FAC hereinafter) as external captive portal
    step 2 - on FAC decide how you would like to manage users.
    - are those going to get synced from Microsoft Active Directory? .. tag "#Remote_user_sync_rules"
    - are those local or guests? .. tag #Guest_users
    step 3 - your FGT will be a RADIUS client to FAC and it needs to be set up
    step 4 - set Guest portal on FAC ...
    step 5 - testing with known user
    on FAC -
    on FGT - search for troubleshooting
    - use packet captures to see RADIUS packets (default auth port 1812.udp)
    - flow debug to see which policies handled the stuff
    - diag debug app fnbamd 7
    - diag firewall auth list
    etc. etc.

    Kind Regards,
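
For the packet-capture step in the reply above, an added example (not from the thread or from Fortinet): a Python decoder for the RADIUS payloads seen on UDP 1812 that also checks whether a reply's Response Authenticator verifies with the shared secret configured for the RADIUS client, since a reply that fails this check is discarded by the client. The packets, user name, NAS identifier and secret are constructed sample values.

```python
import hashlib
import hmac
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
ATTRS = {1: "User-Name", 2: "User-Password", 18: "Reply-Message", 32: "NAS-Identifier"}

def parse_radius(pkt: bytes) -> dict:
    """Decode the RFC 2865 header and attribute TLVs of one RADIUS UDP payload."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("length field does not fit the payload")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = pkt[pos], pkt[pos + 1]
        attrs.append((ATTRS.get(a_type, str(a_type)), pkt[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": CODES.get(code, str(code)), "id": ident,
            "authenticator": pkt[4:20], "attrs": attrs, "raw": pkt[:length]}

def response_matches(request: bytes, response: bytes, secret: bytes) -> bool:
    """True if the reply's Response Authenticator verifies with this shared secret."""
    req, rsp = parse_radius(request), parse_radius(response)
    if req["id"] != rsp["id"]:
        return False
    raw = rsp["raw"]
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    digest = hashlib.md5(raw[:4] + req["authenticator"] + raw[20:] + secret).digest()
    return hmac.compare_digest(digest, rsp["authenticator"])

def _build(code: int, ident: int, auth: bytes, attrs: list) -> bytes:
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body

def sample_exchange(secret: bytes) -> tuple:
    """Constructed Access-Request / Access-Accept pair, not captured traffic."""
    req = _build(1, 7, bytes(range(16)), [(1, b"guest01"), (32, b"FGT-site2")])
    rsp = _build(2, 7, bytes(16), [(18, b"welcome")])
    auth = hashlib.md5(rsp[:4] + req[4:20] + rsp[20:] + secret).digest()
    return req, rsp[:4] + auth + rsp[20:]

if __name__ == "__main__":
    req, rsp = sample_exchange(b"constructed-secret")
    print("secret ok:", response_matches(req, rsp, b"constructed-secret"))
```

To use it on real traffic, pass the UDP payload bytes of a request and its reply exported from the capture, together with the secret entered for the RADIUS client.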