Fortinet black logo

Cookbook

Configuring the FortiGate to allow access to the FortiAuthenticator

Copy Link
Copy Doc ID 53d09085-7746-11e9-81a4-00505692583a:490856
Download PDF

Configuring the FortiGate to allow access to the FortiAuthenticator

  1. On the FortiGate, go to Policy & Objects > Addresses and add the FortiAuthenticator firewall object.
  2. For Subnet/IP Range enter the IP address of the FortiAuthenticator.

  3. Go to Policy & Objects > IPv4 Policy and create the FortiAuthenticator access policy.
  4. Set Incoming Interface to the WiFi SSID interface and set Source Address to all.

    Set Outgoing Interface to the Internet-facing interface and set Destination Address to the FortiAuthenticator address object.

    Set Service to ALL and enable NAT.

    Once created, note the policy's ID using the ID column.

  5. Open the CLI Console and enter the following command to exempt the FortiAuthenticator access policy from the captive portal:
  6. config firewall policy

    edit <policy_id>

    set captive-portal-exempt enable

    next

    end

    This command allows access to the external captive portal.

Configuring the FortiGate to allow access to the FortiAuthenticator

  1. On the FortiGate, go to Policy & Objects > Addresses and add the FortiAuthenticator firewall object.
  2. For Subnet/IP Range enter the IP address of the FortiAuthenticator.

  3. Go to Policy & Objects > IPv4 Policy and create the FortiAuthenticator access policy.
  4. Set Incoming Interface to the WiFi SSID interface and set Source Address to all.

    Set Outgoing Interface to the Internet-facing interface and set Destination Address to the FortiAuthenticator address object.

    Set Service to ALL and enable NAT.

    Once created, note the policy's ID using the ID column.

  5. Open the CLI Console and enter the following command to exempt the FortiAuthenticator access policy from the captive portal:
  6. config firewall policy

    edit <policy_id>

    set captive-portal-exempt enable

    next

    end

    This command allows access to the external captive portal.