Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    Home FortiGuest 1.3.0 New Features
    1.3.0
    1.3.0
    1.2.0
    1.1.0

    Multiple Pre-Shared Keys

    Multiple Pre-Shared Keys

    The Multiple Pre-Shared Key (MPSK) authentication feature facilitates the use of PSKs for guest portals to provide controlled and secure visitor access to the network resources. FortiGuest supports multiple PSKs simultaneously on a single SSID, each device uses a unique PSK to connect to the network. The guest users are prompted to enter the PSK via the captive portal page to connect to the network. This simplifies the on-boarding experience for users by granting them easy network access. This also allows the administrators to effectively track network usage.

    Note: Administrators and sponsors can create MPSK profiles.

    Just like the existing MAC authentication feature, PSK authentication can also be configured individually for a RADIUS client. FortiGuest assigns PSKs to devices through RADIUS clients, the FortiGate controller then leverages both MAC authentication and PSKs to authenticate devices for network access. The PSKs are not stored on the FortiGate and are returned as RADIUS attributes.

    You can perform the following operations to use PSK authentication for guest portals.

    • Create an MPSK password policy that defines the PSK complexity requirements for users logging in into the guest portal. This policy is tagged to the guest portal. See MPSK Password Policy.

    • The administrator can create PSKs and tag them to user accounts and devices. On successful guest portal authentication, the guests can use the administrator created PSK or can create their own. See Creating PSKs.

    • The guest user logging in into the guest portal with no devices tagged can register their device. See Guest Portal Device Registration.

    • Both static and dynamic VLAN mapping is supported. Static VLAN mapping is available to the administrator per PSK, dynamic VLAN mapping is available when a PSK is authenticating via a RADIUS client. See VLAN Mapping.

    • Enable MPSK and tag a password policy when configuring the guest portal in FortiGuest. See Guest Portal Configurations.

    • To use FortiGuest MPSK feature specific configurations are required on FortiGate. See FortiGate Configurations.

    Limitations

    The following limitations apply to the usage of this feature.

    • Guest portal access plan must have an unlimited usage profile.

    • No support for administrative features such as, accounting, account suspend/disconnect/revive and so on.

    • For iOS devices the CNA must be disabled.

    • Dynamic VLAN assignment per user is not supported.

    Previous
    Next

    Multiple Pre-Shared Keys

    Multiple Pre-Shared Keys

    The Multiple Pre-Shared Key (MPSK) authentication feature facilitates the use of PSKs for guest portals to provide controlled and secure visitor access to the network resources. FortiGuest supports multiple PSKs simultaneously on a single SSID, each device uses a unique PSK to connect to the network. The guest users are prompted to enter the PSK via the captive portal page to connect to the network. This simplifies the on-boarding experience for users by granting them easy network access. This also allows the administrators to effectively track network usage.

    Note: Administrators and sponsors can create MPSK profiles.

    Just like the existing MAC authentication feature, PSK authentication can also be configured individually for a RADIUS client. FortiGuest assigns PSKs to devices through RADIUS clients, the FortiGate controller then leverages both MAC authentication and PSKs to authenticate devices for network access. The PSKs are not stored on the FortiGate and are returned as RADIUS attributes.

    You can perform the following operations to use PSK authentication for guest portals.

    • Create an MPSK password policy that defines the PSK complexity requirements for users logging in into the guest portal. This policy is tagged to the guest portal. See MPSK Password Policy.

    • The administrator can create PSKs and tag them to user accounts and devices. On successful guest portal authentication, the guests can use the administrator created PSK or can create their own. See Creating PSKs.

    • The guest user logging in into the guest portal with no devices tagged can register their device. See Guest Portal Device Registration.

    • Both static and dynamic VLAN mapping is supported. Static VLAN mapping is available to the administrator per PSK, dynamic VLAN mapping is available when a PSK is authenticating via a RADIUS client. See VLAN Mapping.

    • Enable MPSK and tag a password policy when configuring the guest portal in FortiGuest. See Guest Portal Configurations.

    • To use FortiGuest MPSK feature specific configurations are required on FortiGate. See FortiGate Configurations.

    Limitations

    The following limitations apply to the usage of this feature.

    • Guest portal access plan must have an unlimited usage profile.

    • No support for administrative features such as, accounting, account suspend/disconnect/revive and so on.

    • For iOS devices the CNA must be disabled.

    • Dynamic VLAN assignment per user is not supported.

    Previous
    Next