Fortinet white logo
Fortinet white logo

Administration Guide

Secure SSID for guest management

Secure SSID for guest management

  1. Go to Policy > Policy Configuration > Supplicant EasyConnect > Configuration.
  2. Click System > Quick Start.
  3. Select Network Settings > Network Devices from the steps on the left.
  4. Select a device in the Network Devices window.
  5. Click Wireless Security.
  6. On the SSID Mappings dialog, click Add.
  7. Click the drop-down arrow in the SSID Name field and select the Name of the SSID to be mapped. These names are read from the wireless device and represent existing SSID configurations on the device.
  8. Select Guest Management.
  9. In the Primary RADIUS field select the RADIUS server that FortiNAC should use for authentication. If no RADIUS servers are configured, click New to add one. See Proxy.
  10. In the Secondary RADIUS field select the RADIUS server to be used in the event that the primary RADIUS cannot be accessed. This field is optional.
  11. In the Guest Template field select the template that is required for guest access using this SSID.
  12. In the Portal Configuration field select the captive portal that should be presented to the user when the host connects to this SSID. If you are not using multiple portals or you do not have a specific portal for this group of guests, select Use Default.
  13. In the Access User Group field select the production User Group to be used for hosts accessing the Secure SSID using a guest account. These are read from the wireless device and represent existing User Groups that have been configured on the wireless device.
  14. In the Isolation User Group field select the User Group to be used to isolate unknown hosts. These User Groups are read from the wireless device and represent existing User Groups that have been configured on the wireless device.
  15. Click OK to save the SSID configuration.
Settings

Field

Description

SSID Name

Network name of the SSID configuration that includes all of the settings for the SSID, such as encryption method or VLANs.

Mapping Type

Device Onboarding: Indicates that this SSID Mapping will be used by known network users to register devices.

Guest Management: Indicates that this SSID Mapping will be used by guests to access the network via a guest account.

Primary RADIUS Server

RADIUS server that will be used by FortiNAC for authentication.

Secondary RADIUS Server

Secondary RADIUS server that will be used by FortiNAC for authentication if the primary RADIUS server cannot be reached.

Guest Template

Guest template that must be associated with a guest account in order for the guest to connect on this SSID.

Portal Configuration

Name of the Portal that will be applied to hosts connecting via this SSID.

Access User Group

Name or number of the network access identifier where a known host or device will be placed, such as, User Group, VLAN ID or VLAN Name.

Isolation User Group

Name or number of the network access identifier, such as, User Group, VLAN ID or VLAN Name, for the Isolation VLAN where an unknown host or device will be placed.

Secure SSID for guest management

Secure SSID for guest management

  1. Go to Policy > Policy Configuration > Supplicant EasyConnect > Configuration.
  2. Click System > Quick Start.
  3. Select Network Settings > Network Devices from the steps on the left.
  4. Select a device in the Network Devices window.
  5. Click Wireless Security.
  6. On the SSID Mappings dialog, click Add.
  7. Click the drop-down arrow in the SSID Name field and select the Name of the SSID to be mapped. These names are read from the wireless device and represent existing SSID configurations on the device.
  8. Select Guest Management.
  9. In the Primary RADIUS field select the RADIUS server that FortiNAC should use for authentication. If no RADIUS servers are configured, click New to add one. See Proxy.
  10. In the Secondary RADIUS field select the RADIUS server to be used in the event that the primary RADIUS cannot be accessed. This field is optional.
  11. In the Guest Template field select the template that is required for guest access using this SSID.
  12. In the Portal Configuration field select the captive portal that should be presented to the user when the host connects to this SSID. If you are not using multiple portals or you do not have a specific portal for this group of guests, select Use Default.
  13. In the Access User Group field select the production User Group to be used for hosts accessing the Secure SSID using a guest account. These are read from the wireless device and represent existing User Groups that have been configured on the wireless device.
  14. In the Isolation User Group field select the User Group to be used to isolate unknown hosts. These User Groups are read from the wireless device and represent existing User Groups that have been configured on the wireless device.
  15. Click OK to save the SSID configuration.
Settings

Field

Description

SSID Name

Network name of the SSID configuration that includes all of the settings for the SSID, such as encryption method or VLANs.

Mapping Type

Device Onboarding: Indicates that this SSID Mapping will be used by known network users to register devices.

Guest Management: Indicates that this SSID Mapping will be used by guests to access the network via a guest account.

Primary RADIUS Server

RADIUS server that will be used by FortiNAC for authentication.

Secondary RADIUS Server

Secondary RADIUS server that will be used by FortiNAC for authentication if the primary RADIUS server cannot be reached.

Guest Template

Guest template that must be associated with a guest account in order for the guest to connect on this SSID.

Portal Configuration

Name of the Portal that will be applied to hosts connecting via this SSID.

Access User Group

Name or number of the network access identifier where a known host or device will be placed, such as, User Group, VLAN ID or VLAN Name.

Isolation User Group

Name or number of the network access identifier, such as, User Group, VLAN ID or VLAN Name, for the Isolation VLAN where an unknown host or device will be placed.