Fortigate Captive Portal Configuration

A captive portal is a web page that is presented to users when they attempt to connect to a network. Captive portals are commonly used in public Wi-Fi hotspots, hotels, and other places where the network owner wants to control the access to the network. FortiGate firewall offers a captive portal feature that can be used to authenticate users and control network access. In this blog post, we’ll discuss how to configure captive portal on FortiGate firewall.

Step 1: Configure FortiGate Firewall

1. Login to your FortiGate firewall and go to User & Device > Authentication > Captive Portal. Here you can configure the captive portal settings such as authentication method, user groups, and web page settings.
2. Configure User Groups: In this step, you’ll create user groups to which users will be assigned after authentication. Go to User & Device > User Groups and create the user groups that you want to use for captive portal authentication.
3. Configure Web Page Settings: In this step, you’ll configure the web page settings for the captive portal. You can upload your own HTML file or use the default web page provided by FortiGate firewall.

Step 2: Configure Authentication Method

1. FortiGate firewall supports various authentication methods for captive portal, including local users, RADIUS, LDAP, and TACACS+. Choose the authentication method that you want to use and configure it accordingly.
2. If you’re using local user authentication, go to User & Device > User > User Definition and create the local users that you want to use for captive portal authentication.

Step 3: Configure Firewall Policies

1. Once you’ve configured the captive portal settings and authentication method, you need to create firewall policies to allow traffic to and from the captive portal. Go to Policy & Objects > IPv4 Policy and create a new policy for the captive portal traffic.
2. In the source field, select the interface where the captive portal will be presented. In the destination field, select the destination address range for the captive portal. In the service field, select the HTTP and HTTPS services.

Step 4: Test the Captive Portal

1. Once you’ve completed the configuration, you can test the captive portal by connecting to the network and attempting to access the internet. You should be presented with the captive portal login page.
2. Enter the username and password that you created in the authentication method configuration and click login. If the authentication is successful, you should be redirected to the internet.

Conclusion: Captive portal is a powerful feature that can be used to authenticate users and control network access on FortiGate firewall. By following the above steps, you can easily configure captive portal on FortiGate firewall and start using it to control network access. Make sure to test the captive portal after configuration to ensure that it’s working properly.