Fortinet (Fortigate)

 

Fortinet White Logo (Page 1) - Line.17QQ.com

 

Integrate your Fortinet Networking WiFi devices with your MyWiFi account and enable your guests to connect to the internet while keeping full control of your Fortinet access points within your Fortinet Network Manager.

 

Log in to your FortiGate / FortiWifi

 

1. Click User & Device > RADIUS Servers on the left menu. Click Create New and configure with:

  • Name: mywifinetworks
  • Primary Server: radius1.wificloud.io
  • Primary Shared Secret: mywifi
  • Secondary Server: radius2.wificloud.io
  • Secondary Shared Secret: mywifi
  • Authentication Method: PAP

 

Click OK to Save. 

 

2. Click on User Groups and edit the default Guestgroup

Configure with:

  • Type: Firewall
  • Under Remote groups click Create New and under Remote Server choose guestradius. Click OK to Save.

 

3. Click Policy & Objects > IP. Click Create New > Address. Configure with:

  • Category: Address
  • Name: guestonline
  • Type: IP/Netmask
  • Subnet / IP Range: 192.168.3.0/24
  • Interface: any
  • Show in Address List: Enabled

 

Click OK to Save.

 

4. Click Create New > Address again and configure with:

  • Category: Address
  • Name: portal_address
  • Type: FQDN
  • FQDN:portal.securewifilogin.com

 

Click OK to Save. 

 

5. For each domain below you need to do as per above.

  • *.mywifi.io
  • *.securewifilogin.com
  • *.cloudfront.net
  • fonts.gstatic.com
  • fonts.googleapis.com
  • *.linkedin.com
  • *.amazonaws.com
  • *.licdn.com
  • *.twitter.com
  • *.facebook.com
  • *.akadns.net
  • *.edgekey.net
  • *.edgesuite.net
  • *.akamaihd.net
  • *.akamaiedge.net
  • *.akamai.net
  • *.twimg.com
  • *.instagram.com
  • *.facebook.net
  • *.stripe.com
  • *.paypal.com
  • *.paypalobjects.com
  • *.twilio.com
  • *.vk.com



6. Under Addresses click Create New > Address Group. Configure with:

  • Category: IPv4 Group
  • Group Name: guestwhitelist
  • Members: click the + button and select all the domains you added earlier.

 

Click OK to Save.

 

7. Click WiFi & Switch Controller > SSID on the left. Click Create New > SSID. Configure with:

  • Interface Name: guestwifi
  • Type: WiFi SSID
  • Traffic Mode: Tunnel to Wireless Controller
  • Address: 192.168.3.1/255.255.255.0
  • DHCP Server: Enabled
  • DNS Server: Specify: 8.8.8.8
  • SSID: Social Wifi
  • Security Mode: Captive Portal
  • Portal Type: Authentication
  • Authentication Portal: External: portal.securewifilogin.com
  • User Groups: guestgroup
  • Broadcast SSID: Enabled
  • Block Intra-SSID Traffic: Enabled
  • Redirect after Captive Portal: Specific URL: *insert redirect_url here*

 

Click OK to Save.

 

8. Under IPv4 Policy click Create New. Configure with:

  • Name: guestwifi
  • Incoming Interface: Guest WiFi (guestwifi)
  • Outgoing Interface: wan1 (your WAN connection)
  • Source: all
  • Destination Address: guestwhitelist
  • Schedule: always
  • Service: ALL
  • Action: ACCEPT
  • Enable this policy: Enabled

 

Click OK to Save.

 

9. Click Create New again and configure with:

  • Name: guestwifionline
  • Incoming Interface: Guest WiFi (guestwifi)
  • Outgoing Interface: wan1 (your WAN connection)
  • Source: guestonline
  • Destination Address: all
  • Schedule: always
  • Service: ALL
  • Action: ACCEPT
  • Enable this policy: Enabled

 

Click OK to Save. 

10. Open the Terminal and add the following command:

config firewall policy
edit (policy number for walled-garden)
set captive-portal-exempt enable
end

 

Your Fortinet devices will now deliver the captive portal and allow guests to login.

Need Help?

If you have any questions, please contact our support team by clicking the support icon located in the bottom right-hand corner of this page.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.