Fortinet black logo

Administration Guide

Secure SSID for device onboarding

Copy Link
Copy Doc ID 2cb222d1-3405-11ea-9384-00505692583a:549892
Download PDF

Secure SSID for device onboarding

If this SSID requires a supplicant configuration on the connecting host, the supplicant configuration can be served to the host through an Open SSID. Add the supplicant configuration to one of your Open SSIDs.

  1. Click System > Quick Start.
  2. Select Network Settings > Network Devices from the steps on the left.
  3. Select a device in the Network Devices window.
  4. Click Wireless Security at the bottom.
  5. On the SSID Mappings dialog, click Add.
  6. Click the drop-down arrow in the SSID Name field and select the Name of the SSID to be mapped. These names are read from the wireless device and represent existing SSID configurations on the device.
  7. Click Device Onboarding.
  8. In the Primary RADIUS field select the RADIUS server that FortiNAC should use for authentication. If no RADIUS servers are configured, click New to add one. See Configure RADIUS settings.
  9. In the Secondary RADIUS field select the RADIUS server to be used in the event that the primary RADIUS cannot be accessed. This field is optional.
  10. In the Directory Group field select a group. The connecting user must be a member of this directory group to access the SSID. If you are authenticating through RADIUS instead of LDAP, this option is hidden.
  11. In the Allowed Operating Systems section select one or more operating systems. The connecting host must have one of these operating systems installed to connect to this SSID.
  12. In the Portal Configuration field select the captive portal that should be presented to the user when the host connects to this SSID. If you are not using multiple portals or you do not have a specific portal for this group of guests, select Use Default.
  13. In the Access User Group field select the production User Group to be used for hosts accessing the Secure SSID. These are read from the wireless device and represent existing User Groups that have been configured on the wireless device.
  14. In the Isolation User Group field select the User Group to be used to isolate unknown hosts. These User Groups are read from the wireless device and represent existing User Groups that have been configured on the wireless device.
  15. Click OK to save the SSID configuration.
Settings

Field

Description

SSID Name

Network name of the SSID configuration that includes all of the settings for the SSID, such as encryption method or VLANs.

Mapping Type

Device Onboarding: Indicates that this SSID Mapping will be used by known network users to register devices.

Guest Management: Indicates that this SSID Mapping will be used by guests to access the network via a guest account.

Primary RADIUS Server

RADIUS server that will be used by FortiNAC for authentication.

Secondary RADIUS Server

Secondary RADIUS server that will be used by FortiNAC for authentication if the primary RADIUS server cannot be reached.

Directory Group

Connecting user must be a member of the selected directory group to access this SSID. If you are authenticating through RADIUS instead of LDAP, this option is hidden.

Allowed Operating
Systems

Allows or denies access to an SSID based on the operating system of the connecting host. Options include:

  • Windows
  • macOS
  • iOS
  • Android
  • RIM
  • Windows Mobile

Portal Configuration

Name of the Portal that will be applied to hosts connecting via this SSID.

Access User Group

Name or number of the network access identifier where a known host or device will be placed, such as, User Group, VLAN ID or VLAN Name.

Isolation User Group

Name or number of the network access identifier, such as, User Group, VLAN ID or VLAN Name, for the Isolation VLAN where an unknown host or device will be placed.

Secure SSID for device onboarding

If this SSID requires a supplicant configuration on the connecting host, the supplicant configuration can be served to the host through an Open SSID. Add the supplicant configuration to one of your Open SSIDs.

  1. Click System > Quick Start.
  2. Select Network Settings > Network Devices from the steps on the left.
  3. Select a device in the Network Devices window.
  4. Click Wireless Security at the bottom.
  5. On the SSID Mappings dialog, click Add.
  6. Click the drop-down arrow in the SSID Name field and select the Name of the SSID to be mapped. These names are read from the wireless device and represent existing SSID configurations on the device.
  7. Click Device Onboarding.
  8. In the Primary RADIUS field select the RADIUS server that FortiNAC should use for authentication. If no RADIUS servers are configured, click New to add one. See Configure RADIUS settings.
  9. In the Secondary RADIUS field select the RADIUS server to be used in the event that the primary RADIUS cannot be accessed. This field is optional.
  10. In the Directory Group field select a group. The connecting user must be a member of this directory group to access the SSID. If you are authenticating through RADIUS instead of LDAP, this option is hidden.
  11. In the Allowed Operating Systems section select one or more operating systems. The connecting host must have one of these operating systems installed to connect to this SSID.
  12. In the Portal Configuration field select the captive portal that should be presented to the user when the host connects to this SSID. If you are not using multiple portals or you do not have a specific portal for this group of guests, select Use Default.
  13. In the Access User Group field select the production User Group to be used for hosts accessing the Secure SSID. These are read from the wireless device and represent existing User Groups that have been configured on the wireless device.
  14. In the Isolation User Group field select the User Group to be used to isolate unknown hosts. These User Groups are read from the wireless device and represent existing User Groups that have been configured on the wireless device.
  15. Click OK to save the SSID configuration.
Settings

Field

Description

SSID Name

Network name of the SSID configuration that includes all of the settings for the SSID, such as encryption method or VLANs.

Mapping Type

Device Onboarding: Indicates that this SSID Mapping will be used by known network users to register devices.

Guest Management: Indicates that this SSID Mapping will be used by guests to access the network via a guest account.

Primary RADIUS Server

RADIUS server that will be used by FortiNAC for authentication.

Secondary RADIUS Server

Secondary RADIUS server that will be used by FortiNAC for authentication if the primary RADIUS server cannot be reached.

Directory Group

Connecting user must be a member of the selected directory group to access this SSID. If you are authenticating through RADIUS instead of LDAP, this option is hidden.

Allowed Operating
Systems

Allows or denies access to an SSID based on the operating system of the connecting host. Options include:

  • Windows
  • macOS
  • iOS
  • Android
  • RIM
  • Windows Mobile

Portal Configuration

Name of the Portal that will be applied to hosts connecting via this SSID.

Access User Group

Name or number of the network access identifier where a known host or device will be placed, such as, User Group, VLAN ID or VLAN Name.

Isolation User Group

Name or number of the network access identifier, such as, User Group, VLAN ID or VLAN Name, for the Isolation VLAN where an unknown host or device will be placed.