Fortinet Document Library

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

Creating a wireless guest SSID on FortiGate

To create a wireless guest SSID:
  1. Go to WiFi & Switch Controller > SSIDs.
  2. From the Create New dropdown, select SSID.
  3. Enter a Name for the interface. Optionally, you can enter an alias.
  4. In Traffic mode, select Tunnel. Alternatively, you can select Bridge.
  5. In the Address pane, enter an IP address/netmask for IP/Netmask.
  6. Enable DHCP Server, and keep the default settings in the DHCP Server pane.
  7. In the WiFi Settings pane:
    1. Enter SSID name that is broadcasted to the WiFi clients.
    2. In the Security mode dropdown, select Captive Portal.
    3. In the Portal type dropdown, ensure Authentication is selected.
    4. In Authentication portal, select External, and enter the portal URL for the captive portal policy configured on FortiAuthenticator. See Captive portal policy.
    5. In User groups, select Guest. See Guest group on FortiGate.
    6. In Exempt destinations/services, select the address objects for the FortiAuthenticator and DNS servers. For the selected addresses and services, FortiGate does not present the captive portal page when the policy for the selected traffic is matched.

      In the Select Entries window, go to Create > Create New to create new addresses and services.

    7. Optionally, in Redirect after Captive Portal, select Specific URL, and enter a URL to redirect users to a specific URL once authenticated.
  8. Click OK.

Creating a wireless guest SSID on FortiGate

To create a wireless guest SSID:
  1. Go to WiFi & Switch Controller > SSIDs.
  2. From the Create New dropdown, select SSID.
  3. Enter a Name for the interface. Optionally, you can enter an alias.
  4. In Traffic mode, select Tunnel. Alternatively, you can select Bridge.
  5. In the Address pane, enter an IP address/netmask for IP/Netmask.
  6. Enable DHCP Server, and keep the default settings in the DHCP Server pane.
  7. In the WiFi Settings pane:
    1. Enter SSID name that is broadcasted to the WiFi clients.
    2. In the Security mode dropdown, select Captive Portal.
    3. In the Portal type dropdown, ensure Authentication is selected.
    4. In Authentication portal, select External, and enter the portal URL for the captive portal policy configured on FortiAuthenticator. See Captive portal policy.
    5. In User groups, select Guest. See Guest group on FortiGate.
    6. In Exempt destinations/services, select the address objects for the FortiAuthenticator and DNS servers. For the selected addresses and services, FortiGate does not present the captive portal page when the policy for the selected traffic is matched.

      In the Select Entries window, go to Create > Create New to create new addresses and services.

    7. Optionally, in Redirect after Captive Portal, select Specific URL, and enter a URL to redirect users to a specific URL once authenticated.
  8. Click OK.