Fortigate Captive Portal Configuration

A captive portal is a web page that is presented to users when they attempt to connect to a network. Captive portals are commonly used in public Wi-Fi hotspots, hotels, and other places where the network owner wants to control the access to the network. FortiGate firewall offers a captive portal feature that can be used to authenticate users and control network access. In this blog post, we’ll discuss how to configure captive portal on FortiGate firewall.

1. Log in to the FortiGate Web Interface:

• Open a web browser and enter the IP address of your FortiGate device.
• Log in using your administrative credentials.

2. Configure Network Interfaces:

• Ensure that you have configured your network interfaces correctly. You should have at least two interfaces: one for the unauthenticated guest network and another for the trusted network.

3. Create a User Group:

• Before setting up the captive portal, create a user group that will contain the users allowed to access the network through the captive portal.
  • Go to “User & Device” > “User Groups” and click “Create New.”
  • Define the group’s name and add users to it if needed.

4. Create a Security Policy:

• You need to create a security policy to control traffic between the unauthenticated network and the trusted network.
  • Go to “Policy & Objects” > “IPv4 Policy” and click “Create New.”
  • Configure the source interface, source address (unauthenticated network), destination interface, and destination address (trusted network).
  • Set the “Action” to “Captive Portal.”

5. Configure Captive Portal:

• Now, you need to set up the captive portal itself.
  • Go to “Security Fabric” > “Captive Portal” and click “Create New.”
  • Enter a name for the captive portal.

6. Configure Authentication Settings:

• Under the “Authentication” tab:
  • Select the user group you created earlier.
  • Choose the authentication method (usually, you’d use “Local Database” for basic username and password authentication).
  • Set the authentication timeout.
  • Customize the authentication message if desired.

7. Configure Authentication Portal Settings:

• Under the “Authentication Portal” tab:
  • Define the portal message and login message.
  • Customize the look and feel of the portal page, including logos and background images.

8. Configure Redirect Settings:

• Under the “Redirect” tab:
  • Specify the redirection type. Typically, you’d use “External Web Page” to direct users to a terms and conditions page or login page hosted externally.

9. Create a Firewall Policy for Redirect:

• Create a firewall policy to redirect traffic to the captive portal.
  • Go to “Policy & Objects” > “IPv4 Policy” and click “Create New.”
  • Set the source and destination interfaces and addresses.
  • Set the action to “SSL-VPN” and choose the captive portal you created earlier as the SSL-VPN portal.

10. Configure DNS and Web Filtering: – You may want to configure DNS and web filtering policies to control access for authenticated users.

11. Test the Captive Portal: – To test the captive portal, connect a device to the unauthenticated network and attempt to access the internet. You should be redirected to the captive portal login page.

12. Monitor and Troubleshoot: – Continuously monitor the captive portal for user activity and any issues that may arise. Check logs and statistics for troubleshooting.

Remember that this is a high-level overview of the FortiGate captive portal configuration process. Depending on your specific requirements and network setup, there may be additional configuration options and steps needed to meet your needs. Always refer to the FortiGate documentation and consult with Fortinet support if you encounter any difficulties or require advanced features.