Fortinet black logo

Cookbook

Home FortiGate / FortiOS 5.6.0 Cookbook

FortiConnect guest on-boarding using RSSO

5.6.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.0
6.0.0
5.6.0
5.4.0
Copy Link
Copy Doc ID 4d801240-7ccc-11e9-81a4-00505692583a:235582
Download PDF

FortiConnect guest on-boarding using RSSO

This example shows using RADIUS Single Sign-On (RSSO), FortiGate, FortiConnect (for guest portal and RADIUS authentication), and FortiWLC (for providing wireless access). Captive portal users are mapped to user groups on the FortiGate and security policies are applied based on these user groups.

Authentication flow:
  1. User authenticates to WLC via a security profile where a RADIUS authentication is established (802.1x / captive portal).
  2. WLC validates user credentials at RADIUS server.
  3. RADIUS servers authenticate user for access and sends access-accept back to WLC to allow connection (including class attribute).
  4. WLC allows device/user to establish wireless connection.
  5. WLC sends accounting packets to RADIUS server.
  6. RADIUS server proxies those accounting packets and forwards them to FortiGate.
  7. FortiGate registers user and maps the user to an RSSO-user group.
Previous
Next

FortiConnect guest on-boarding using RSSO

This example shows using RADIUS Single Sign-On (RSSO), FortiGate, FortiConnect (for guest portal and RADIUS authentication), and FortiWLC (for providing wireless access). Captive portal users are mapped to user groups on the FortiGate and security policies are applied based on these user groups.

Authentication flow:
  1. User authenticates to WLC via a security profile where a RADIUS authentication is established (802.1x / captive portal).
  2. WLC validates user credentials at RADIUS server.
  3. RADIUS servers authenticate user for access and sends access-accept back to WLC to allow connection (including class attribute).
  4. WLC allows device/user to establish wireless connection.
  5. WLC sends accounting packets to RADIUS server.
  6. RADIUS server proxies those accounting packets and forwards them to FortiGate.
  7. FortiGate registers user and maps the user to an RSSO-user group.
Previous
Next