Configuring WiFi captive portal security – FortiGate captive portal
The built-in FortiGate captive portal is simpler than an external portal. It can even be customized if needed.
To configure a WiFi Captive Portal – web-based manager:
- Go to WiFi & Switch Controller > SSID and create your SSID.
If the SSID already exists, you can edit the SSID or you can edit the WiFi interface in Network > Interfaces.
- In Security Mode, select Captive Portal. Enter
| Portal Type | The portal can provide authentication and/or disclaimer, or perform user email address collection. See Defining a wireless network interface (SSID) on page 36. |
| Authentication Portal | Local |
| User Groups | Select permitted user groups or select Use Groups from Policies, which permits the groups specified in the security policy. |
| Exempt List | Select exempt lists whose members will not be subject to captive portal authentication. |
| Customize Portal Messages | Click the link of the portal page that you want to modify. For more information see the Captive Portal chapter of the Authentication Guide. |
- Select OK.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Hi Mike,
Since I know by following your posts that you are really good the Fortinet in general, please allow me to ask you a question. In a Fortigate, FortiAP and Radius scenario, can I dynamically assign the VLAN to the WIFI users based on their device type? More specifically, I would like to move any iOS/Android to a different VLAN than a normal Windows Client would get. Thanks
You pass it by the 802.1x pass thru of the RADIUS authentication not the device.