Captive Portal authentication issue

Author
Eric Kom
2020/09/14 00:38:59

Hi all,
We have a FortiGate 60F with captive portal configured on one of the ports. We use UniFi as APs. See below my firewall settings for the captive portal:
 
config user setting
set auth-timeout 1440
set auth-timeout-type hard-timeout
set auth-lockout-duration 0
set auth-invalid-max 100
end
 
config user group
edit "guest.Wifi"
set group-type guest
set authtimeout 0
set auth-concurrent-override enable
set http-digest-realm ''
end
 
The client does not want to re-authenticate after authentication was successful.
Let's say the guest account is set to expire in 120 days; our client is looking for a solution where, after successful authentication, the authenticated guest should remain active.
 
We tried all the settings but could not achieve that goal.
 
The max session timeout is set to 24hrs, but that is not true all the time; for some reason the guests have to authenticate many times within 24hrs, and sometimes they stay connected for 24hrs.
 
We do not want to set the exempt source for some devices.
 
Please help
 
#1


    xsilver
    Re: Captive Portal authentication issue 2020/09/14 05:50:23
    Hi,
    are you 100% sure you want to have a 120-day authenticated session?
    To be honest, that sounds to me like security madness.
    Have you heard about session hijacks and other possible misuse scenarios for active sessions?
     
    If you want to pass someone/something through, basically unauthenticated, that's how 120 days sounds to me, then how about per MAC based or IP based exceptions?
    Thinking of per MAC IP assignment via something like DHCP, or static map. Not trying to even think about DHCP or MAC address spoofing .. or other ways, just to keep sanity.
     

    Kind Regards,
    Tomas
    #2
    Eric Kom
    Re: Captive Portal authentication issue 2020/09/14 10:06:50
    I know it is security madness.
    The client is driving me mad. We have explained to them that FortiGate is a security device and therefore cannot be implemented.
    Kind regards 
    #3