Guest access in a retail environment
Some retail businesses such as coffee shops provide free Wi-Fi Internet access for their customers. For this type of application, the FortiOS guest management feature is not required; the Wi-Fi access point is open and customers do not need logon credentials. However, the business might want to contact its customers later with promotional offers to encourage further patronage. Using an Email Collection portal, it is possible to collect customer email addresses for this purpose. The security policy grants network access only to users who provide a valid email address.
The first time a customer’s device attempts to use the Wi-Fi connection, FortiOS requests an email address, which it validates. The customer’s subsequent connections go directly to the Internet without interruption.
Creating an email harvesting portal
The customer’s first contact with your network will be with a captive portal which presents a web page requesting an email address. When FortiOS has validated the email address, the customer’s device MAC address is added to the Collected Emails device group.
To create the email collection portal:
1. Go to WiFi & Switch Controller > WiFi Network > SSID and edit your SSID.
2. Set Security Mode to Captive Portal.
3. Set Portal Type to Email Collection.
4. Optionally, in Customize Portal Messages select Email Collection.
You can change the portal content and appearance. See Customizing captive portal pages on page 516.
To create the email collection portal – CLI:
In this example the freewifi Wi-Fi interface is modified to present an email collection captive portal.
config wireless-controller vap edit freewifi
set security captive-portal set portal-type email-collect
Creating the security policy
You need configure a security policy that allows traffic to flow from the Wi-Fi SSID to the Internet interface but only for members of the Collected Emails device group. This policy must be listed first. Unknown devices are not members of the Collected Emails device group, so they do not match the policy.
To create the security policy:
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Enter the following information:
Incoming Interface freewifi
Source Address all
Source Device Type Collected Emails
Outgoing Interface wan1
Destination Address all
3. Select OK.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU