Integrate your Fortinet Networking WiFi devices with your MyWiFi account and enable your guests to connect to the internet while keeping full control of your Fortinet devices within your FortiGate.
1. Log in to your FortiGate / FortiWiFi
Click User & Device > RADIUS Servers on the left menu. Click Create New and configure with:
- Name: guestradius
- Primary Server: radius1.wificloud.io
- Primary Shared Secret: mywifi
- Secondary Server: radius2.wificloud.io
- Secondary Shared Secret: mywifi
- Authentication Method: PAP
Click OK to Save.
2. Next, click on User Groups and then guestgroup
Configure with:
- Type: Firewall
- Under Remote groups click Create New and under Remote Server choose guestradius. Click OK to Save.
3. Next, click Policy & Objects > Addresses.
Click Create New > Address. Configure with:
- Category: Address
- Name: guestonline
- Type: IP/Netmask
- Subnet / IP Range: 192.168.3.0/24
- Interface: any
- Show in Address List: Enabled
Click OK to Save.
4. Next, click Create New > Address again and configure with:
- Category: Address
- Name: Google DNS 1
- Type: IP Range
- Range: 8.8.8.8 - 8.8.8.8
Click OK to Save.
5. Next, click Create New > Address again and configure with:
- Category: Address
- Name: mywifinetworks
- Type: FQDN
- FQDN: *.securewifilogin.com
Click OK to Save.
6. Repeat the previous step for each domain below, creating an address of type FQDN for each one:
- [custom social portal URL] if applicable
- *.mywifi.io
- *.securewifilogin.com
- *.cloudfront.net
- fonts.gstatic.com
- fonts.googleapis.com
- *.linkedin.com
- *.amazonaws.com
- *.licdn.com
- *.twitter.com
- *.facebook.com
- *.akadns.net
- *.edgekey.net
- *.edgesuite.net
- *.akamaihd.net
- *.akamaiedge.net
- *.akamai.net
- *.twimg.com
- *.instagram.com
- *.facebook.net
- *.stripe.com
- *.paypal.com
- *.paypalobjects.com
- *.twilio.com
- *.vk.com
7. Next, under Addresses click Create New > Address Group. Configure with:
- Category: IPv4 Group
- Group Name: guestwhitelist
- Members: click the + button and select all the domains and DNS you added earlier.
Click OK to Save.
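Steps 5 to 7 can also be done from the CLI instead of creating each address by hand. The script below is an added example, not part of the original article or of MyWiFi's or Fortinet's tooling: it prints FortiOS CLI that creates the FQDN address objects and the guestwhitelist group. It assumes your FortiOS release accepts wildcard FQDNs in `config firewall address`, as the GUI steps above do, and that "Google DNS 1" from step 4 already exists. Object names starting with "wg-" are hypothetical, since the article only names mywifinetworks.

```python
import re

# Step 5 entry followed by the step 6 list, copied from the article
# (the placeholder custom social portal URL is left out).
WALLED_GARDEN = """
*.securewifilogin.com
*.mywifi.io *.securewifilogin.com *.cloudfront.net fonts.gstatic.com
fonts.googleapis.com *.linkedin.com *.amazonaws.com *.licdn.com
*.twitter.com *.facebook.com *.akadns.net *.edgekey.net *.edgesuite.net
*.akamaihd.net *.akamaiedge.net *.akamai.net *.twimg.com *.instagram.com
*.facebook.net *.stripe.com *.paypal.com *.paypalobjects.com *.twilio.com
*.vk.com
""".split()

NAMED = {"*.securewifilogin.com": "mywifinetworks"}  # object name from step 5
# Only a plain hostname or one leading "*." label; quotes, spaces and other
# characters that could break out of the CLI string are rejected.
FQDN_RE = re.compile(r"^(\*\.)?([a-z0-9-]+\.)+[a-z]{2,}$")


def object_name(fqdn):
    """Article's name where it gives one, else a hypothetical wg-<domain>."""
    return NAMED.get(fqdn) or "wg-" + fqdn.removeprefix("*.")


def build_cli(domains, group="guestwhitelist", extra_members=("Google DNS 1",)):
    """Return FortiOS CLI creating one FQDN object per domain plus the group."""
    seen = set()
    members = list(extra_members)  # objects that already exist (step 4)
    lines = ["config firewall address"]
    for fqdn in (d.strip().lower() for d in domains):
        if fqdn in seen:
            continue  # steps 5 and 6 both list *.securewifilogin.com
        if not FQDN_RE.match(fqdn):
            raise ValueError(f"not a hostname or leading-wildcard FQDN: {fqdn!r}")
        seen.add(fqdn)
        members.append(object_name(fqdn))
        lines += [f'    edit "{members[-1]}"', "        set type fqdn",
                  f'        set fqdn "{fqdn}"', "    next"]
    lines += ["end", "config firewall addrgrp", f'    edit "{group}"',
              "        set member " + " ".join(f'"{m}"' for m in members),
              "    next", "end"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cli(WALLED_GARDEN))
```

Review the printed commands before pasting them into the CLI console, and add your custom social portal URL to the list if you use one.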
8. Next, click WiFi & Switch Controller > SSID on the left. Click Create New > SSID. Configure with:
- Interface Name: guestwifi
- Type: WiFi SSID
- Traffic Mode: Tunnel
- Address: 192.168.3.99/255.255.255.0
- DHCP Server: Enabled
- Address Range: 192.168.3.1-192.168.3.98, 192.168.3.100-192.168.3.254
- Netmask: 255.255.255.0
- Default Gateway: Same as interface IP
- DNS Server: Specify: 8.8.8.8
- SSID: GuestWifi [Or whatever you want]
- Security Mode: Captive Portal
- Portal Type: Authentication
- Authentication Portal: External: portal.securewifilogin.com
- User Groups: guestgroup
- Broadcast SSID: Enabled
- Block Intra-SSID Traffic: Enabled
- Redirect after Captive Portal: [User selected]
Click OK to Save.
9. Next, under Policy & Objects > IPv4 Policy click Create New. Configure with:
- Name: guestwifi
- Incoming Interface: GuestWiFi (guestwifi)
- Outgoing Interface: wan (your WAN connection)
- Source: all
- Destination: guestwhitelist
- Schedule: always
- Service: ALL
- Action: ACCEPT
- NAT: On
- Enable this policy: Enabled
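Click OK to Save. Make a note of the policy ID in the leftmost column.
10. Open Terminal from the button in the top right corner and enter the following commands, replacing (policy id) with the policy ID you noted in step 9:
    config firewall policy
    edit (policy id)
    set captive-portal-exempt enable
    end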
11. Click Create New from the IPv4 Policy page again and configure with:
- Name: guestwifionline
- Incoming Interface: GuestWiFi (guestwifi)
- Outgoing Interface: wan (your WAN connection)
- Source: guestonline
- Destination: all
- Schedule: always
- Service: ALL
- Action: ACCEPT
- NAT: On
- Enable this policy: Enabled
Click OK to Save.
Need Help?
If you have any questions, please contact our support team by clicking the support icon located in the bottom right-hand corner of this page.