Fortinet black logo

User Guide

Home FortiGuest 1.2.0 User Guide
1.2.0
1.2.0
1.1.0
1.0.0

Smart Connect Profiles

Smart Connect Profiles

Create a Smart Connect profile defining your network type and authentication settings for client in your network. You can Clone the profile to re-use configurations.

Notes:

  • Smart Connect on Linux supports only Ubuntu versions 20 and 22.

  • [Smart Connect] For PEAP to work with Windows 10 devices, ensure that a FortiGuest certificate is included in the Additional Certificates of a Smart Connect profile.

This table describes the EAP types supported for Smart Connect on different platforms.

Platform

PSK

EAP MSCHAPV2

EAPGTC

EAP TLS

Local certificate authority

EAP TLS with SCEP server
Windows Supported Supported Not Supported Supported Supported
Android Supported Supported Supported Supported Supported
iOS Supported Not Supported Supported Not Supported Supported
Wired network Not Supported Supported Not Supported Supported Supported
  1. Navigate to Smart Connect > Smart Connect Profiles and click New.
  2. In the Network Settings, enter a unique Network Name (for your network) and select the Network Type (only Wireless is supported in this release).
  3. Enter the SSID name and enable SSID is Broadcast as per requirement.
  4. Optionally, you can specify the SSIDs you wish to remove from the client. This is required for any open network where client access is restricted.
  5. In the Authentication tab, you are provided the authentication methods based on the network type that you specify. For the Pre-Shared Key authentication methods, enter the Pre-Shared Key.

    For the Enterprise authentication methods, enter the following.
  • EAP Types - Select an EAP type for authentication for different client devices, Apple, Android, Windows, Linux, and Chrome.

  • EAP/TLS (Generate certificates with) - If you select the EAP-TLS for authentication, then select the certificate provider. See SCEP Servers and Local Certificate Authorities.

  • PEAP/MSCHAPv2 and PEAP/GTC - Determine in the Include Credentials field whether you want to include or not include the user name and password in the profile sent to the user. Select a specific user name format for the client to Authenticate with. If you select realm, then define the Realm.

  • In the Proxy Settings tab, configure the proxy server settings for the client. You can configure any of the following options for Apple iOS / OS X Proxy Mode, Android Proxy Mode, and Chrome OS Proxy Mode.

    • Disabled - To disable the proxy mode for clients.
    • Auto Discovery - To enable the automatic discovery of proxy settings.
    • Manual Settings - Update the following proxy server settings.
      • Server - Enter your server’s hostname or IP address.
      • Port - Enter the appropriate port number.
      • Authentication - Select whether no authentication is needed or whether a login is required. If a login is required then update the following.
      • Username - Enter the username for authentication.
      • Password - Enter and confirm the authentication password.
      • Username Format - Select a format to use for the authentication username.
    • PAC URL - Update the following proxy auto-config (PAC) settings.
      • PAC URL - The URL of the PAC file that defines the proxy configuration.
      • PAC Fallback Allowed - When disabled the device is prevented from connecting directly to the destination if the PAC file is unreachable. This is enabled by default.
  • You can select any pre-installed Certificates that you require. Configure the certificates only if you are using the Enterprise authentication methods.

  • You can also install any additional CA certificates.
  • In the Other Options tab, enter the URL you wish to direct the browser to once connected, after Smart Connect has run.
    Note: This does not apply to Apple devices configured using an Apple configuration profile.

    • Previous
    Next

    Smart Connect Profiles

    Create a Smart Connect profile defining your network type and authentication settings for client in your network. You can Clone the profile to re-use configurations.

    Notes:

    • Smart Connect on Linux supports only Ubuntu versions 20 and 22.

    • [Smart Connect] For PEAP to work with Windows 10 devices, ensure that a FortiGuest certificate is included in the Additional Certificates of a Smart Connect profile.

    This table describes the EAP types supported for Smart Connect on different platforms.

    Platform

    PSK

    EAP MSCHAPV2

    EAPGTC

    EAP TLS

    Local certificate authority

    EAP TLS with SCEP server
    Windows Supported Supported Not Supported Supported Supported
    Android Supported Supported Supported Supported Supported
    iOS Supported Not Supported Supported Not Supported Supported
    Wired network Not Supported Supported Not Supported Supported Supported
    1. Navigate to Smart Connect > Smart Connect Profiles and click New.
    2. In the Network Settings, enter a unique Network Name (for your network) and select the Network Type (only Wireless is supported in this release).
    3. Enter the SSID name and enable SSID is Broadcast as per requirement.
    4. Optionally, you can specify the SSIDs you wish to remove from the client. This is required for any open network where client access is restricted.
    5. In the Authentication tab, you are provided the authentication methods based on the network type that you specify. For the Pre-Shared Key authentication methods, enter the Pre-Shared Key.

      For the Enterprise authentication methods, enter the following.
    • EAP Types - Select an EAP type for authentication for different client devices, Apple, Android, Windows, Linux, and Chrome.

    • EAP/TLS (Generate certificates with) - If you select the EAP-TLS for authentication, then select the certificate provider. See SCEP Servers and Local Certificate Authorities.

    • PEAP/MSCHAPv2 and PEAP/GTC - Determine in the Include Credentials field whether you want to include or not include the user name and password in the profile sent to the user. Select a specific user name format for the client to Authenticate with. If you select realm, then define the Realm.

  • In the Proxy Settings tab, configure the proxy server settings for the client. You can configure any of the following options for Apple iOS / OS X Proxy Mode, Android Proxy Mode, and Chrome OS Proxy Mode.

    • Disabled - To disable the proxy mode for clients.
    • Auto Discovery - To enable the automatic discovery of proxy settings.
    • Manual Settings - Update the following proxy server settings.
      • Server - Enter your server’s hostname or IP address.
      • Port - Enter the appropriate port number.
      • Authentication - Select whether no authentication is needed or whether a login is required. If a login is required then update the following.
      • Username - Enter the username for authentication.
      • Password - Enter and confirm the authentication password.
      • Username Format - Select a format to use for the authentication username.
    • PAC URL - Update the following proxy auto-config (PAC) settings.
      • PAC URL - The URL of the PAC file that defines the proxy configuration.
      • PAC Fallback Allowed - When disabled the device is prevented from connecting directly to the destination if the PAC file is unreachable. This is enabled by default.
  • You can select any pre-installed Certificates that you require. Configure the certificates only if you are using the Enterprise authentication methods.

  • You can also install any additional CA certificates.
  • In the Other Options tab, enter the URL you wish to direct the browser to once connected, after Smart Connect has run.
    Note: This does not apply to Apple devices configured using an Apple configuration profile.

    • Previous
    Next