Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.4.4 Administration Guide
    7.4.4
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    RADIUS VSAs for captive portal redirects NEW

    RADIUS VSAs for captive portal redirects NEW

    RADIUS Vendor-Specific Attributes (VSA) for captive portal redirects provide a smoother user experience during captive portal redirects, especially in environments where vendor-specific attributes are heavily used, such as corporate networks or public Wi-Fi hotspots.

    To configure RADIUS VSA for captive portal redirects:

    1. Configure a RADIUS user:

      config user radius
    edit "pc05"
        set server "172.16.200.55"
        set secret ***************
    next
end

    2. Add the user to a group:

      config user group
    edit "radius-group"
        set member "pc05"
    next
end

    3. Configure the interface to use captive portal authentication and the group:

      config system interface
    edit "port2"
        set security-mode captive-portal
        set security-groups "radius-group"
    next
end

    4. Configure the firewall policy:

      config firewall policy
    edit 1
        set name "1"
        set srcintf "port2"
        set dstintf "mgmt"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set nat enable
    next
end

    5. To check the configuration, on a client PC:

      1. Use a browser to access a web server.

      2. Authenticate using RADIUS.

      3. Browse the redirect to https://www.fortinet.com.

      4. Check the list of authenticated users:

        # diagnose firewall auth list

10.1.100.11, 962341
        src_mac: 00:0c:29:61:d4:13
        type: fw, id: 0, duration: 752, idled: 2
        expire: 298, allow-idle: 300
        flag(10): radius
        server: pc05
        packets: in 8531 out 7654, bytes: in 7972540 out 1104574
        group_id: 1
        group_name: radius-group

----- 1 listed, 0 filtered ------
    Previous
    Next

    RADIUS VSAs for captive portal redirects NEW

    RADIUS VSAs for captive portal redirects NEW

    RADIUS Vendor-Specific Attributes (VSA) for captive portal redirects provide a smoother user experience during captive portal redirects, especially in environments where vendor-specific attributes are heavily used, such as corporate networks or public Wi-Fi hotspots.

    To configure RADIUS VSA for captive portal redirects:

    1. Configure a RADIUS user:

      config user radius
    edit "pc05"
        set server "172.16.200.55"
        set secret ***************
    next
end

    2. Add the user to a group:

      config user group
    edit "radius-group"
        set member "pc05"
    next
end

    3. Configure the interface to use captive portal authentication and the group:

      config system interface
    edit "port2"
        set security-mode captive-portal
        set security-groups "radius-group"
    next
end

    4. Configure the firewall policy:

      config firewall policy
    edit 1
        set name "1"
        set srcintf "port2"
        set dstintf "mgmt"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set nat enable
    next
end

    5. To check the configuration, on a client PC:

      1. Use a browser to access a web server.

      2. Authenticate using RADIUS.

      3. Browse the redirect to https://www.fortinet.com.

      4. Check the list of authenticated users:

        # diagnose firewall auth list

10.1.100.11, 962341
        src_mac: 00:0c:29:61:d4:13
        type: fw, id: 0, duration: 752, idled: 2
        expire: 298, allow-idle: 300
        flag(10): radius
        server: pc05
        packets: in 8531 out 7654, bytes: in 7972540 out 1104574
        group_id: 1
        group_name: radius-group

----- 1 listed, 0 filtered ------
    Previous
    Next