Configuring WiFi captive portal security – FortiGate captive portal
The built-in FortiGate captive portal is simpler than an external portal. It can even be customized if needed.
To configure a WiFi Captive Portal – web-based manager:
- Go to WiFi & Switch Controller > SSID and create your SSID.
If the SSID already exists, you can edit the SSID or you can edit the WiFi interface in Network > Interfaces.
- In Security Mode, select Captive Portal. Enter
| Portal Type | The portal can provide authentication and/or disclaimer, or perform user email address collection. See Defining a wireless network interface (SSID) on page 36. |
| Authentication Portal | Local |
| User Groups | Select permitted user groups or select Use Groups from Policies, which permits the groups specified in the security policy. |
| Exempt List | Select exempt lists whose members will not be subject to captive portal authentication. |
| Customize Portal Messages | Click the link of the portal page that you want to modify. For more information see the Captive Portal chapter of the Authentication Guide. |
- Select OK.
Hi Mike,
Since I know by following your posts that you are really good the Fortinet in general, please allow me to ask you a question. In a Fortigate, FortiAP and Radius scenario, can I dynamically assign the VLAN to the WIFI users based on their device type? More specifically, I would like to move any iOS/Android to a different VLAN than a normal Windows Client would get. Thanks
You pass it by the 802.1x pass thru of the RADIUS authentication not the device.