Fortinet Document Library

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

Creating a wired guest interface on FortiSwitch

This solution demonstrates the configuration when a FortiSwitch is used.

When a 3rd party switch is used instead, create a VLAN sub-interface instead of a FortiSwitch VLAN. Connect the FortiGate interface to the trunk port of the switch.

To create a wired guest interface:
  1. Go to WiFi & Switch Controller > FortiSwitch VLANs.
  2. Select Create New.
  3. In the New Interface window, enter a name for the interface. Optionally, enter an alias.
  4. Select 802.1Q as the VLAN protocol.
  5. Ensure that a FortiLink interface member is selected in Interface.
  6. In VLAN ID, enter a VLAN ID, here 61.
  7. Ensure that the Role is set as LAN.
  8. In the Address pane:
    1. In Addressing mode, select Manual.
    2. In IP/Netmask, enter an IP address/netmask.
    3. In IPv6 addressing mode, select Manual.
    4. Ensure that the Create address object matching subnet is enabled.
  9. Enable DHCP Server, and in the DHCP server pane:
    1. Enter an address range.
    2. For DNS server, select Specify, click the Add icon, and enter the IP address of the FortiSwitch.
  10. In the Network pane:
    1. Ensure that Device detection is enabled.
    2. Enable Security mode, and from the dropdown, ensure that Captive Portal is selected.
    3. In Authentication portal, select External, and enter the portal URL for the captive portal policy configured on FortiAuthenticator.

      See Captive portal policy.

    4. In User access, select Restricted to Groups.
    5. In User groups, select Guest.

      See Guest group on FortiGate.

    6. In Exempt destinations/services, select the address objects for the FortiAuthenticator and DNS servers.

      For the selected addresses and services, FortiGate does not present the captive portal page when the policy for the selected traffic is matched.

      In the Select Entries window, go to Create > Create New to create new addresses and services.

    7. Optionally, in Redirect after Captive Portal, select Specific Request, and enter a URL to redirect users to a specific URL once authenticated.
  11. Click OK.

Creating a wired guest interface on FortiSwitch

This solution demonstrates the configuration when a FortiSwitch is used.

When a 3rd party switch is used instead, create a VLAN sub-interface instead of a FortiSwitch VLAN. Connect the FortiGate interface to the trunk port of the switch.

To create a wired guest interface:
  1. Go to WiFi & Switch Controller > FortiSwitch VLANs.
  2. Select Create New.
  3. In the New Interface window, enter a name for the interface. Optionally, enter an alias.
  4. Select 802.1Q as the VLAN protocol.
  5. Ensure that a FortiLink interface member is selected in Interface.
  6. In VLAN ID, enter a VLAN ID, here 61.
  7. Ensure that the Role is set as LAN.
  8. In the Address pane:
    1. In Addressing mode, select Manual.
    2. In IP/Netmask, enter an IP address/netmask.
    3. In IPv6 addressing mode, select Manual.
    4. Ensure that the Create address object matching subnet is enabled.
  9. Enable DHCP Server, and in the DHCP server pane:
    1. Enter an address range.
    2. For DNS server, select Specify, click the Add icon, and enter the IP address of the FortiSwitch.
  10. In the Network pane:
    1. Ensure that Device detection is enabled.
    2. Enable Security mode, and from the dropdown, ensure that Captive Portal is selected.
    3. In Authentication portal, select External, and enter the portal URL for the captive portal policy configured on FortiAuthenticator.

      See Captive portal policy.

    4. In User access, select Restricted to Groups.
    5. In User groups, select Guest.

      See Guest group on FortiGate.

    6. In Exempt destinations/services, select the address objects for the FortiAuthenticator and DNS servers.

      For the selected addresses and services, FortiGate does not present the captive portal page when the policy for the selected traffic is matched.

      In the Select Entries window, go to Create > Create New to create new addresses and services.

    7. Optionally, in Redirect after Captive Portal, select Specific Request, and enter a URL to redirect users to a specific URL once authenticated.
  11. Click OK.