Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiLAN Cloud User Guide

    Home FortiLAN Cloud 23.1.0 FortiLAN Cloud User Guide
    23.1.0
    24.2.0
    24.1.0
    23.4.0
    23.3.0
    23.2.0
    23.1.0
    22.4.0
    22.3.0

    Adding an SSID to a network

    Adding an SSID to a network

    Use this procedure to configure and add an SSID to a network.

    Note: The SSID name is alpha-numeric and case-sensitive. The first character of the SSID name must NOT be any of these characters, ; # and !. Special characters, + [ ] " TAB, and trailing spaces are also not allowed in the SSID name.

    Procedure steps

    1. On the FortiLAN Cloud Home page, select the network to which you want to add the SSID.
    2. In the Menu bar, click Configure.
    3. In the Navigation bar, click SSIDs.
    4. Click Add SSID and select any of the listed Authentication Methods.
    5. To go to Security, click Next. If the FortiAP model supports security features, then select the ones you want to enable.
    6. To go to Availability, click Next and complete the following fields.
      • Radio: Select which radios you want to be active.
      • Per-AP: Select whether you want the SSID to be available to all APs or APs with specific tags.
      • Schedule: Select a schedule for when the SSID is available.
    7. To go to Preview, click Next and review the summary. If you need to make changes, click Prev.
    8. To complete the changes, click Apply.
    9. You can now go to the Deploying a FortiAP device to a network procedure.

    Authentication Methods

    This section describes the supported authentication methods. Follow the prerequisites and configuration options listed for each authentication method, and the Basic Settings and Advanced Settings to add an SSID.

    WPA2 Personal

    Add a WPA2 Personal SSID to a network

    Prerequisites

    Configuration
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.
    • Authentication: Select WPA2-Personal. Type a Pre-shared Key (PSK). This PSK must contain from 8 to 63 printable ASCII characters or exactly 64 hexadecimal numbers. If older stations also need to be supported, then select WPA/WPA2-Personal which enables mixed (WPA and WPA2) mode authentication.
    • Captive Portal: Leave as No Captive Portal.

    Complete the Basic Settings and Advanced Settings as required.
    WPA2 Enterprise

    WPA2 Enterprise SSIDs can be configured to use an external RADIUS server to authenticate wireless clients, or control access to the SSID with a configured user group.

    With the RADIUS accounting server method, the Accounting Interim Interval parameter becomes available. The AP will send an Interim Update Accounting-Request to update the RADIUS accounting server with time and bandwidth usage. The default value is set to 600 seconds (or 10 minutes).

    Prerequisites

    Configuration
    • Complete the Adding a RADIUS server procedure.
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to enable dynamic VLAN, block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.

    With enterprise class SSIDs, individual users can have their own login (such as username and password, and VLAN, administrative control).

    • Authentication: Select WPA2-Enterprise (or WPA/WPA2-Enterprise mixed mode). To define authorized users
    • RADIUS Auth Setting: Set to one of the following:
      • My RADIUS Server: Use your own RADIUS server. To define your RADIUS server, see Adding a RADIUS server
      • FortiCloud User/Group: Use FortiLAN Cloud as the RADIUS server. In this case, you do not need to have your own RADIUS server. All users are to be defined in FortiLAN Cloud (see Creating a FortiLAN Cloud group and users).

    Complete the Basic Settings and Advanced Settings as required.
    WPA3-SAE/WPA3-SAE Transition

    Add a WPA3 simultaneous authentication of equals (SAE) or WPA3-SAE Transition SSID to a network.

    Prerequisites

    Configuration
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.

    With enterprise class SSIDs, individual users can have their own login (such as username and password, and VLAN, administrative control).

    • Authentication: Select WPA3-SAE or WPA3-SAE Transition.

      • WPA3-SAE: Type an SAE Password. This password must contain 8 to 32 alphanumeric characters or exactly 64 hexadecimal numbers.

      • WPA3-SAE Transition: Enables mixed (WPA2 and WPA3) mode authentication. Two passwords are used in the SSID; if the SAE Password is used, client connects with WPA3 SAE and if Pre-shared Key is used, client connects with WPA2 PSK. This PSK must contain from 8 to 63 printable ASCII characters or exactly 64 hexadecimal numbers.
    • Captive Portal: Add a captive portal to the SSID.

    Complete the Basic Settings and Advanced Settings as required.
    WPA3 Enterprise

    WPA3 Enterprise SSIDs can be configured to use an external RADIUS server to authenticate wireless clients, or control access to the SSID with a configured user group.

    With the RADIUS accounting server method, the Accounting Interim Interval parameter becomes available. The AP will send an Interim Update Accounting-Request to update the RADIUS accounting server with time and bandwidth usage. The default value is set to 600 seconds (or 10 minutes).

    Prerequisites

    Configuration
    • Complete the Adding a RADIUS server procedure. The RADIUS server must support 192-bit AES encryption as required by WPA3-Enterprise security level.
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to enable dynamic VLAN, block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.

    With enterprise class SSIDs, individual users can have their own login (such as username and password, and VLAN, administrative control).

    • Authentication: Set to WPA3-Enterprise.
    • RADIUS Auth Setting: To define authorized users, set to My RADIUS Server where you use your own RADIUS server. To define your RADIUS server, see Adding a RADIUS server

    Complete the Basic Settings and Advanced Settings as required.
    WPA3-OWE/WPA3-OWE Transition

    Add a WPA3 opportunistic wireless (OWE) or WPA3-OWE Transition SSID to a network.

    Prerequisites

    Configuration
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.
    • Authentication: Select WPA3-OWE.
      Enable OWE Transition to allow clients that do not support OWE to connect to an OWE enabled network. This mode requires an Open OWE Transition SSID for such clients to connect.
    • Captive Portal: Add a captive portal to the SSID.

    Complete the Basic Settings and Advanced Settings as required.
    FortiLAN Cloud captive portal

    FortiLAN Cloud includes captive portal settings that you can customize during the SSID addition.

    If you want to create and use your own captive portal, then go to the Adding a My Captive Portal SSID to a network procedure.

    Prerequisites

    Configuration
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you choose one of the following sign on methods, make sure to complete the required setup:
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.
    • Authentication: Select Open or WPA2-Personal.
      If you select WPA2-Personal, then type a Pre-shared Key. This password must contain from 8 to 63 characters. Characters can be any combination of upper and lower case letters, numbers, punctuation marks, and symbols.
    • Captive Portal: Select FortiLAN Cloud Captive Portal.
    • MAC Access Control: Select to allow clients identified in the MAC address import list to connect to that SSID.

      • Fail Through Mode. This mode is available if you select the Open authentication. If you select the Fail Through Mode, then the following applies:

        • If a client is not in the MAC address import list, then the client must pass captive-portal authentication to access the internet.

        • If a client is in the MAC address import list, then the client can bypass the captive-portal authentication and access the internet directly.
    • Redirect URL: The URL to which the user is redirected after a successful login; Original request or Specific URL.
    • Walled Garden: The walled garden is a list of web domains that users can access before completing the authentication process. You can type an IP address, domain name, and subnetwork address/mask. Separate multiple entries with a comma.
    • Sign-on Method: Choose one of the following:
      • Click Through: Users go to the captive portal page and click Continue to gain access to the wireless network. Users do not type a username and password.
      • My RADIUS Server: Select a configured RADIUS server.
      • FortiLAN Cloud user and group: Select a configured FortiLAN Cloud group.
      • Self-registered guests: Users access the captive portal page and sign up for an account. They receive their username and password details by SMS or email as defined in step 11 of this procedure.
      • Social media: Users can sign on with their social media account. FortiLAN Cloud supports Facebook, Google+, LinkedIn, and Twitter accounts.

    In the Captive Portal page, you can additionally customize the following.

    • Logo: You can upload an image.
    • Title: You can change the appearance of the title (background color and image as well as the text color) or the text (in English, French, or Japanese).
    • Message: You can add a message (in English, French, or Japanese) and change the background color, image, and text color.
    • Self-Registered: If you selected the sign on method as self-registered guest (in step 5), then you can customize the page for self-registered guests as well as set an account expiration period and a method to generate a username and password.

    Complete the Basic Settings and Advanced Settings as required.
    My Captive Portal

    In this procedure, you are required to create your own captive portal page.

    If you prefer to use and customize an existing captive portal page, then go to the FortiLAN Cloud captive portal procedure instead.

    Prerequisites

    Configuration
    • Authentication: Select Open or WPA2-Personal.
      If you select WPA2-Personal, then type a Pre-shared Key. This password must contain from 8 to 63 characters. Characters can be any combination of upper and lower case letters, numbers, punctuation marks, and symbols.
    • Captive Portal: Select My Captive Portal.
    • MAC Access Control: Select to allow clients identified in the MAC address import list to connect to that SSID.

      • Fail Through Mode. This mode is available if you select the Open authentication. If you select the Fail Through Mode, then the following applies:

        • If a client is not in the MAC address import list, then the client must pass captive-portal authentication to access the internet.

        • If a client is in the MAC address import list, then the client can bypass the captive-portal authentication and access the internet directly.
    • Captive Portal URL: Type the URL of your captive portal page.
    • Redirect URL: The URL to which the user is redirected after a successful login; Original request or Specific URL.
    • Walled Garden: The walled garden is a list of web domains that users can access before completing the authentication process. You can type an IP address, domain name, and subnetwork address/mask. Separate multiple entries with a comma.

    • Sign-on Method

      : Choose one of the following:

      • Click Through: Users go to the captive portal page and click Continue to gain access to the wireless network. Users do not type a username and password.
      • My RADIUS Server: Select a configured RADIUS server.
      • FortiLAN Cloud user and group: Select a configured FortiLAN Cloud group.

    Complete the Basic Settings and Advanced Settings as required.
    Previous
    Next

    Adding an SSID to a network

    Adding an SSID to a network

    Use this procedure to configure and add an SSID to a network.

    Note: The SSID name is alpha-numeric and case-sensitive. The first character of the SSID name must NOT be any of these characters, ; # and !. Special characters, + [ ] " TAB, and trailing spaces are also not allowed in the SSID name.

    Procedure steps

    1. On the FortiLAN Cloud Home page, select the network to which you want to add the SSID.
    2. In the Menu bar, click Configure.
    3. In the Navigation bar, click SSIDs.
    4. Click Add SSID and select any of the listed Authentication Methods.
    5. To go to Security, click Next. If the FortiAP model supports security features, then select the ones you want to enable.
    6. To go to Availability, click Next and complete the following fields.
      • Radio: Select which radios you want to be active.
      • Per-AP: Select whether you want the SSID to be available to all APs or APs with specific tags.
      • Schedule: Select a schedule for when the SSID is available.
    7. To go to Preview, click Next and review the summary. If you need to make changes, click Prev.
    8. To complete the changes, click Apply.
    9. You can now go to the Deploying a FortiAP device to a network procedure.

    Authentication Methods

    This section describes the supported authentication methods. Follow the prerequisites and configuration options listed for each authentication method, and the Basic Settings and Advanced Settings to add an SSID.

    WPA2 Personal

    Add a WPA2 Personal SSID to a network

    Prerequisites

    Configuration
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.
    • Authentication: Select WPA2-Personal. Type a Pre-shared Key (PSK). This PSK must contain from 8 to 63 printable ASCII characters or exactly 64 hexadecimal numbers. If older stations also need to be supported, then select WPA/WPA2-Personal which enables mixed (WPA and WPA2) mode authentication.
    • Captive Portal: Leave as No Captive Portal.

    Complete the Basic Settings and Advanced Settings as required.
    WPA2 Enterprise

    WPA2 Enterprise SSIDs can be configured to use an external RADIUS server to authenticate wireless clients, or control access to the SSID with a configured user group.

    With the RADIUS accounting server method, the Accounting Interim Interval parameter becomes available. The AP will send an Interim Update Accounting-Request to update the RADIUS accounting server with time and bandwidth usage. The default value is set to 600 seconds (or 10 minutes).

    Prerequisites

    Configuration
    • Complete the Adding a RADIUS server procedure.
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to enable dynamic VLAN, block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.

    With enterprise class SSIDs, individual users can have their own login (such as username and password, and VLAN, administrative control).

    • Authentication: Select WPA2-Enterprise (or WPA/WPA2-Enterprise mixed mode). To define authorized users
    • RADIUS Auth Setting: Set to one of the following:
      • My RADIUS Server: Use your own RADIUS server. To define your RADIUS server, see Adding a RADIUS server
      • FortiCloud User/Group: Use FortiLAN Cloud as the RADIUS server. In this case, you do not need to have your own RADIUS server. All users are to be defined in FortiLAN Cloud (see Creating a FortiLAN Cloud group and users).

    Complete the Basic Settings and Advanced Settings as required.
    WPA3-SAE/WPA3-SAE Transition

    Add a WPA3 simultaneous authentication of equals (SAE) or WPA3-SAE Transition SSID to a network.

    Prerequisites

    Configuration
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.

    With enterprise class SSIDs, individual users can have their own login (such as username and password, and VLAN, administrative control).

    • Authentication: Select WPA3-SAE or WPA3-SAE Transition.

      • WPA3-SAE: Type an SAE Password. This password must contain 8 to 32 alphanumeric characters or exactly 64 hexadecimal numbers.

      • WPA3-SAE Transition: Enables mixed (WPA2 and WPA3) mode authentication. Two passwords are used in the SSID; if the SAE Password is used, client connects with WPA3 SAE and if Pre-shared Key is used, client connects with WPA2 PSK. This PSK must contain from 8 to 63 printable ASCII characters or exactly 64 hexadecimal numbers.
    • Captive Portal: Add a captive portal to the SSID.

    Complete the Basic Settings and Advanced Settings as required.
    WPA3 Enterprise

    WPA3 Enterprise SSIDs can be configured to use an external RADIUS server to authenticate wireless clients, or control access to the SSID with a configured user group.

    With the RADIUS accounting server method, the Accounting Interim Interval parameter becomes available. The AP will send an Interim Update Accounting-Request to update the RADIUS accounting server with time and bandwidth usage. The default value is set to 600 seconds (or 10 minutes).

    Prerequisites

    Configuration
    • Complete the Adding a RADIUS server procedure. The RADIUS server must support 192-bit AES encryption as required by WPA3-Enterprise security level.
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to enable dynamic VLAN, block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.

    With enterprise class SSIDs, individual users can have their own login (such as username and password, and VLAN, administrative control).

    • Authentication: Set to WPA3-Enterprise.
    • RADIUS Auth Setting: To define authorized users, set to My RADIUS Server where you use your own RADIUS server. To define your RADIUS server, see Adding a RADIUS server

    Complete the Basic Settings and Advanced Settings as required.
    WPA3-OWE/WPA3-OWE Transition

    Add a WPA3 opportunistic wireless (OWE) or WPA3-OWE Transition SSID to a network.

    Prerequisites

    Configuration
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.
    • Authentication: Select WPA3-OWE.
      Enable OWE Transition to allow clients that do not support OWE to connect to an OWE enabled network. This mode requires an Open OWE Transition SSID for such clients to connect.
    • Captive Portal: Add a captive portal to the SSID.

    Complete the Basic Settings and Advanced Settings as required.
    FortiLAN Cloud captive portal

    FortiLAN Cloud includes captive portal settings that you can customize during the SSID addition.

    If you want to create and use your own captive portal, then go to the Adding a My Captive Portal SSID to a network procedure.

    Prerequisites

    Configuration
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you choose one of the following sign on methods, make sure to complete the required setup:
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.
    • Authentication: Select Open or WPA2-Personal.
      If you select WPA2-Personal, then type a Pre-shared Key. This password must contain from 8 to 63 characters. Characters can be any combination of upper and lower case letters, numbers, punctuation marks, and symbols.
    • Captive Portal: Select FortiLAN Cloud Captive Portal.
    • MAC Access Control: Select to allow clients identified in the MAC address import list to connect to that SSID.

      • Fail Through Mode. This mode is available if you select the Open authentication. If you select the Fail Through Mode, then the following applies:

        • If a client is not in the MAC address import list, then the client must pass captive-portal authentication to access the internet.

        • If a client is in the MAC address import list, then the client can bypass the captive-portal authentication and access the internet directly.
    • Redirect URL: The URL to which the user is redirected after a successful login; Original request or Specific URL.
    • Walled Garden: The walled garden is a list of web domains that users can access before completing the authentication process. You can type an IP address, domain name, and subnetwork address/mask. Separate multiple entries with a comma.
    • Sign-on Method: Choose one of the following:
      • Click Through: Users go to the captive portal page and click Continue to gain access to the wireless network. Users do not type a username and password.
      • My RADIUS Server: Select a configured RADIUS server.
      • FortiLAN Cloud user and group: Select a configured FortiLAN Cloud group.
      • Self-registered guests: Users access the captive portal page and sign up for an account. They receive their username and password details by SMS or email as defined in step 11 of this procedure.
      • Social media: Users can sign on with their social media account. FortiLAN Cloud supports Facebook, Google+, LinkedIn, and Twitter accounts.

    In the Captive Portal page, you can additionally customize the following.

    • Logo: You can upload an image.
    • Title: You can change the appearance of the title (background color and image as well as the text color) or the text (in English, French, or Japanese).
    • Message: You can add a message (in English, French, or Japanese) and change the background color, image, and text color.
    • Self-Registered: If you selected the sign on method as self-registered guest (in step 5), then you can customize the page for self-registered guests as well as set an account expiration period and a method to generate a username and password.

    Complete the Basic Settings and Advanced Settings as required.
    My Captive Portal

    In this procedure, you are required to create your own captive portal page.

    If you prefer to use and customize an existing captive portal page, then go to the FortiLAN Cloud captive portal procedure instead.

    Prerequisites

    Configuration
    • Authentication: Select Open or WPA2-Personal.
      If you select WPA2-Personal, then type a Pre-shared Key. This password must contain from 8 to 63 characters. Characters can be any combination of upper and lower case letters, numbers, punctuation marks, and symbols.
    • Captive Portal: Select My Captive Portal.
    • MAC Access Control: Select to allow clients identified in the MAC address import list to connect to that SSID.

      • Fail Through Mode. This mode is available if you select the Open authentication. If you select the Fail Through Mode, then the following applies:

        • If a client is not in the MAC address import list, then the client must pass captive-portal authentication to access the internet.

        • If a client is in the MAC address import list, then the client can bypass the captive-portal authentication and access the internet directly.
    • Captive Portal URL: Type the URL of your captive portal page.
    • Redirect URL: The URL to which the user is redirected after a successful login; Original request or Specific URL.
    • Walled Garden: The walled garden is a list of web domains that users can access before completing the authentication process. You can type an IP address, domain name, and subnetwork address/mask. Separate multiple entries with a comma.

    • Sign-on Method

      : Choose one of the following:

      • Click Through: Users go to the captive portal page and click Continue to gain access to the wireless network. Users do not type a username and password.
      • My RADIUS Server: Select a configured RADIUS server.
      • FortiLAN Cloud user and group: Select a configured FortiLAN Cloud group.

    Complete the Basic Settings and Advanced Settings as required.
    Previous
    Next