Fortinet Document Library

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

FortiAuthenticator as a Wired Guest Portal for FortiGate

In the topology above:

  • FortiSwitch is connected to FortiGate via FortiLink.

  • VLAN 61 is the FortiSwitch VLAN.

  • A FortiAP or a 3rd party AP is connected to FortiSwitch on VLAN 61, thereby assigning IPs in that range to clients in bridge mode.

  • Other wired users are directly connected to the FortiSwitch ports on VLAN 61, receiving IPs in that range and hitting the captive portal.

This recipe walks you through setting up FortiAuthenticator as a wired guest portal.

The recipe may be used where 3rd party access point is using a bridged SSID to place client traffic into a specific VLAN (here, VLAN 61).

A 3rd party switch can also be used instead of FortiSwitch. When a 3rd party switch is used, FortiGate will connect to the switch's trunk port.
To set up FortiAuthenticator as a wired guest portal:
  1. Configuring FortiGate as a RADIUS client.
  2. Creating a user group on FortiAuthenticator for guest users.
  3. Creating a guest portal on FortiAuthenticator.
  4. Configuring an access point on FortiAuthenticator.
  5. Configuring a captive portal policy on FortiAuthenticator.
  6. Configuring FortiAuthenticator as a RADIUS server on FortiGate.
  7. Creating a guest group on FortiGate.
  8. Creating a wired guest interface on FortiSwitch.
  9. Creating firewall policies for guest access to DNS, FortiAuthenticator, and internet.
  10. Configuring firewall authentication portal settings on FortiGate.

FortiAuthenticator as a Wired Guest Portal for FortiGate

In the topology above:

  • FortiSwitch is connected to FortiGate via FortiLink.

  • VLAN 61 is the FortiSwitch VLAN.

  • A FortiAP or a 3rd party AP is connected to FortiSwitch on VLAN 61, thereby assigning IPs in that range to clients in bridge mode.

  • Other wired users are directly connected to the FortiSwitch ports on VLAN 61, receiving IPs in that range and hitting the captive portal.

This recipe walks you through setting up FortiAuthenticator as a wired guest portal.

The recipe may be used where 3rd party access point is using a bridged SSID to place client traffic into a specific VLAN (here, VLAN 61).

A 3rd party switch can also be used instead of FortiSwitch. When a 3rd party switch is used, FortiGate will connect to the switch's trunk port.
To set up FortiAuthenticator as a wired guest portal:
  1. Configuring FortiGate as a RADIUS client.
  2. Creating a user group on FortiAuthenticator for guest users.
  3. Creating a guest portal on FortiAuthenticator.
  4. Configuring an access point on FortiAuthenticator.
  5. Configuring a captive portal policy on FortiAuthenticator.
  6. Configuring FortiAuthenticator as a RADIUS server on FortiGate.
  7. Creating a guest group on FortiGate.
  8. Creating a wired guest interface on FortiSwitch.
  9. Creating firewall policies for guest access to DNS, FortiAuthenticator, and internet.
  10. Configuring firewall authentication portal settings on FortiGate.