Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Configuring Captive Portal on FortiLAN Cloud

    Home FortiPresence VM 3.0.0 Configuring Captive Portal on FortiLAN Cloud
    3.0.0
    3.0.0

    Configuring Captive Portal on FortiLAN Cloud

    Configuring Captive Portal on FortiLAN Cloud

    Captive Portal configurations for wireless access to visitors are to be accomplished on both FortiPresence and FortiLAN Cloud based on the deployed access points. You are required to configure RADIUS profiles for authentication and specify the FQDN URL that is exempted and enabled to process social WiFi login. For example, to allow Facebook login, enter www.facebook.com. The list of FQDNs are available on the FortiPresence GUI – Captive Portal > RADIUS Clients.

    Note: The RADIUS server/FortiPresence Connect IP address is the FortiPresence VM IP address. Port 1812 is used for authentication and 1813 for accounting.

    Note: Prior to configuring Captive Portal ensure the following are configured in FortiPresence.

    Follow this procedure to create RADIUS clients on FortiPresence.

    1. On the FortiPresence GUI navigate to Captive Portal > Radius Clients to create a RADIUS client for the public IP address of FortiLAN Cloud.
    2. Enter the RADIUS Client Name, RADIUS Client IP, RADIUS Secret Key, and select the Device Type as FortiLANCloud.

      Configure the following if RADIUS authentication is triggered from FortiLAN Cloud.

      • Set the RADIUS client type to FortiLAN Cloud in the FortiPresence GUI.

      • Ensure to set a public RADIUS server IP address of FortiPresence and NOT a private one in the FortiLAN Cloud GUI based on the location of the FortiPresence.

      Configure the following if RADIUS authentication is triggered from the FortiAP.

      • Set the RADIUS client type to FortiGate and the IP address to that of the FortiAP in the FortiPresence GUI.

      • Ensure to set a public/private RADIUS server IP address of FortiPresence in the FortiLAN Cloud GUI based on the location of the FortiAP and FortiPresence.

    Follow this procedure on the FortiLAN Cloud GUI to configure captive portal.

    1. Select a configured AP Network and navigate to Wireless > Configuration > User Access Control > My RADIUS Server to configure a RADIUS profile. Click Add My RADIUS Server.
      Update the configuration parameters as required.
    2. Enter the Primary Server Name/IP.
      Configure the following if RADIUS authentication is triggered from the FortiAP.
    3. The Primary Server Secret should be the same as the RADIUS Secret Key configured on the FortiPresence GUI (Captive Portal > RADIUS Clients). Click Apply and update the configuration parameters as required.
      Note: Configure the Project Secret Key to fortipresence for all FortiLAN Cloud setups.

    4. Navigate to Configure > SSIDs to create an SSID. Configure the Captive Portal as My Captive Portal and enter the Captive Portal URL, (Captive Portal URL copied from the FortiPresence GUI – Captive Portal Site-Portal Config > RADIUS config).
    5. Set the Redirect URL to Specific URL and enter https://<FortiPresence connect server FQDN>/portal/success. The actual redirect option can be specified while creating the portal on FortiPresence GUI - Adding a Portal.
    6. Enter the FQDN based exclusions in the Walled Garden list. A comma separated list with character limitation is supported.
      You can view the complete list of exempted FQDNs in the FortiPresence GUI – Captive Portal > Radius Clients > Exemption site list.
      Notes:

    • Add the IP address or FQDN of the FortiPresence Connect server in the exemption list. The FQDN details are listed in Configuration > Server Settings.

    • If the captive portal is configured for OAuth, then the FortiPresence Connect server FQDN is mandatory.

  • Select My RADIUS Server and specify the RADIUS profile created earlier in this procedure as the Sign on Method.
  • Click Next and update the configuration parameters as required. Click Apply.
    • Previous
    Next

    Configuring Captive Portal on FortiLAN Cloud

    Configuring Captive Portal on FortiLAN Cloud

    Captive Portal configurations for wireless access to visitors are to be accomplished on both FortiPresence and FortiLAN Cloud based on the deployed access points. You are required to configure RADIUS profiles for authentication and specify the FQDN URL that is exempted and enabled to process social WiFi login. For example, to allow Facebook login, enter www.facebook.com. The list of FQDNs are available on the FortiPresence GUI – Captive Portal > RADIUS Clients.

    Note: The RADIUS server/FortiPresence Connect IP address is the FortiPresence VM IP address. Port 1812 is used for authentication and 1813 for accounting.

    Note: Prior to configuring Captive Portal ensure the following are configured in FortiPresence.

    Follow this procedure to create RADIUS clients on FortiPresence.

    1. On the FortiPresence GUI navigate to Captive Portal > Radius Clients to create a RADIUS client for the public IP address of FortiLAN Cloud.
    2. Enter the RADIUS Client Name, RADIUS Client IP, RADIUS Secret Key, and select the Device Type as FortiLANCloud.

      Configure the following if RADIUS authentication is triggered from FortiLAN Cloud.

      • Set the RADIUS client type to FortiLAN Cloud in the FortiPresence GUI.

      • Ensure to set a public RADIUS server IP address of FortiPresence and NOT a private one in the FortiLAN Cloud GUI based on the location of the FortiPresence.

      Configure the following if RADIUS authentication is triggered from the FortiAP.

      • Set the RADIUS client type to FortiGate and the IP address to that of the FortiAP in the FortiPresence GUI.

      • Ensure to set a public/private RADIUS server IP address of FortiPresence in the FortiLAN Cloud GUI based on the location of the FortiAP and FortiPresence.

    Follow this procedure on the FortiLAN Cloud GUI to configure captive portal.

    1. Select a configured AP Network and navigate to Wireless > Configuration > User Access Control > My RADIUS Server to configure a RADIUS profile. Click Add My RADIUS Server.
      Update the configuration parameters as required.
    2. Enter the Primary Server Name/IP.
      Configure the following if RADIUS authentication is triggered from the FortiAP.
    3. The Primary Server Secret should be the same as the RADIUS Secret Key configured on the FortiPresence GUI (Captive Portal > RADIUS Clients). Click Apply and update the configuration parameters as required.
      Note: Configure the Project Secret Key to fortipresence for all FortiLAN Cloud setups.

    4. Navigate to Configure > SSIDs to create an SSID. Configure the Captive Portal as My Captive Portal and enter the Captive Portal URL, (Captive Portal URL copied from the FortiPresence GUI – Captive Portal Site-Portal Config > RADIUS config).
    5. Set the Redirect URL to Specific URL and enter https://<FortiPresence connect server FQDN>/portal/success. The actual redirect option can be specified while creating the portal on FortiPresence GUI - Adding a Portal.
    6. Enter the FQDN based exclusions in the Walled Garden list. A comma separated list with character limitation is supported.
      You can view the complete list of exempted FQDNs in the FortiPresence GUI – Captive Portal > Radius Clients > Exemption site list.
      Notes:

    • Add the IP address or FQDN of the FortiPresence Connect server in the exemption list. The FQDN details are listed in Configuration > Server Settings.

    • If the captive portal is configured for OAuth, then the FortiPresence Connect server FQDN is mandatory.

  • Select My RADIUS Server and specify the RADIUS profile created earlier in this procedure as the Sign on Method.
  • Click Next and update the configuration parameters as required. Click Apply.
    • Previous
    Next