Captive portals

Captive portals

A captive portal is a convenient way to authenticate web users on wired or WiFi networks. This section describes:

  • Introduction to Captive Portals
  • Configuring a captive portal
  • Customizing captive portal pages

 

Introduction to Captive Portals

You can authenticate your users on a web page that requests the user’s name and password. Until the user authenticates successfully, the authentication page is returned in response to any HTTP request. This is called a captive portal.

After successful authentication, the user accesses the requested URL and can access other web resources, as permitted by security policies. Optionally, the captive portal itself can allow web access to only the members of specified user group.

The captive portal can be hosted on the FortiGate unit or on an external authentication server. You can configure captive portal authentication on any network interface, including WiFi and VLAN interfaces.

When a captive portal is configured on a WiFi interface, the access point initially appears open. The wireless client can connect to the access point with no security credentials, but sees only the captive portal authentication page.

 

WiFi captive portal types:

  • Authentication — until the user enters valid credentials, no communication beyond the AP is permitted.
  • Disclaimer + Authentication — immediately after successful authentication, the portal presents the disclaimer page—an acceptable use policy or other legal statement—to which the user must agree before proceeding.
  • Disclaimer Only — the portal presents the disclaimer page—an acceptable use policy or other legal statement—to which the user must agree before proceeding. The authentication page is not presented.
  • Email Collection — the portal presents a page requesting the user’s email address, for the purpose of contacting the person in future. This is often used by businesses who provide free WiFi access to their customers. The authentication page is not presented.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

3 thoughts on “Captive portals

  1. Abderrazak

    hello
    i want to add a short video in the portal captive authentification page is it possible to do it using fortipresence. or any other fortinet product
    thanks for help

    Reply
  2. Justin St-Maurice

    Any idea if you can trigger the portal for only certain websites or URLs? I’d like to block access to my management servers via a portal (say, if a user connects to anything in 172.35.0.2/24). However, if they are off to the internet, I don’t want to show them a portal.

    Reply

Leave a Reply to Justin Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.