Fortinet (Fortigate)

Fortinet

Integrate your Fortinet Networking WiFi devices with your MyWiFi account and enable your guests to connect to the internet while keeping full control of your Fortinet devices within your Fortigate.

 

1. Log in to your FortiGate / FortiWifi

 

Click User & Device > RADIUS Servers on the left menu. Click Create New and configure with:

  • Name: guestradius
  • Primary Server: radius1.wificloud.io
  • Primary Shared Secret: mywifi
  • Secondary Server: radius2.wificloud.io
  • Secondary Shared Secret: mywifi
  • Authentication Method: PAP

 

Click OK to Save. 

 

2. Next, click on User Groups and then guestgroup

Configure with:

  • Type: Firewall
  • Under Remote groups click Create New and under Remote Server choose guestradius. Click OK to Save.

 

3. Next, click Policy & Objects > Addresses. 

Click Create New > Address. Configure with:

  • Category: Address
  • Name: guestonline
  • Type: IP/Netmask
  • Subnet / IP Range: 192.168.3.0/24
  • Interface: any
  • Show in Address List: Enabled

Click OK to Save.

 

4. Next, click Create New > Address again and configure with:

  • Category: Address
  • Name: Google DNS 1
  • Type: IP RANGE
  • Range: 8.8.8.8 - 8.8.8.8

Click OK to Save.

 

5. Next, click Create New > Address again and configure with:

  • Category: Address
  • Name: mywifinetworks
  • Type: FQDN
  • FQDN: *.securewifilogin.com

 

Click OK to Save. 

 

6. For each domain below you need to do as per above (FQDN)

  • [custom social portal URL] if applicable
  • *.mywifi.io
  • *.securewifilogin.com
  • *.cloudfront.net
  • fonts.gstatic.com
  • fonts.googleapis.com
  • *.linkedin.com
  • *.amazonaws.com
  • *.licdn.com
  • *.twitter.com
  • *.facebook.com
  • *.akadns.net
  • *.edgekey.net
  • *.edgesuite.net
  • *.akamaihd.net
  • *.akamaiedge.net
  • *.akamai.net
  • *.twimg.com
  • *.instagram.com
  • *.facebook.net
  • *.stripe.com
  • *.paypal.com
  • *.paypalobjects.com
  • *.twilio.com
  • *.vk.com



7. Next, under Addresses click Create New > Address Group. Configure with:

  • Category: IPv4 Group
  • Group Name: guestwhitelist
  • Members: click the + button and select all the domains and DNS you added earlier.

 

Click OK to Save.

 

8. Next, click WiFi & Switch Controller > SSID on the left. Click Create New > SSID. Configure with:

  • Interface Name: guestwifi
  • Type: WiFi SSID
  • Traffic Mode: Tunnel 
  • Address: 192.168.3.99/255.255.255.0
  • DHCP Server: Enabled
    • Address Range 192.168.3.1-192.168.3.98, 192.168.3.100-192.168.3.254
    • Netmask 255.255.255.0
    • Default Gateway Same as interface IP
    • DNS Server: Specify: 8.8.8.8
  • SSID: GuestWifi [Or whatever you want]
  • Security Mode: Captive Portal
  • Portal Type: Authentication
  • Authentication Portal: External: portal.securewifilogin.com
  • User Groups: guestgroup
  • Broadcast SSID: Enabled
  • Block Intra-SSID Traffic: Enabled
  • Redirect after Captive Portal: [User selected]

 

Click OK to Save.

 

9. Next, under Policy & Objects > IPv4 Policy click Create New. Configure with:

  • Name: guestwifi
  • Incoming Interface: GuestWiFi (guestwifi)
  • Outgoing Interface: wan (your WAN connection)
  • Source: all
  • Destination: guestwhitelist
  • Schedule: always
  • Service: ALL
  • Action: ACCEPT
  • NAT on
  • Enable this policy: Enabled


Click OK to Save. Make note the policy ID in the leftmost column.

10. Open Terminal from Button in top right corner.

config firewall policy

edit (policy id)

set captive-portal-exempt enable

End

 

11. Click Create New from the IPv4 Policy page again and configure with:

  • Name: guestwifionline
  • Incoming Interface: GuestWiFi (guestwifi)
  • Outgoing Interface: wan (your WAN connection)
  • Source: guestonline
  • Destination: all
  • Schedule: always
  • Service: ALL
  • Action: ACCEPT
  • NAT on
  • Enable this policy: Enabled

Click OK to Save. 

 

Need Help?

If you have any questions, please contact our support team by clicking the support icon located in the bottom right-hand corner of this page.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.