Chapter 5. Authentication

5.1 Captive Portal

Learning Objectives

  • Configure a Captive Portal
Scenario: We plan to enable Captive Portal on port2. Users who want to connect to the Internet must first enter their username and password; only then are they allowed to browse.
Figure 5.1: Main scenario
Table 5.1: Devices configuration
Device          IP address                                                            Access
WebTerm1        192.168.1.2/24
FortiGate       Port 1: DHCP Client; Port 2: 192.168.1.1/24; Port 3: 192.168.0.1/24   ICMP, HTTP, HTTPS
WebTerm (FMC)   192.168.0.2/24
  1. Prerequisites:
    1. Set the IP addresses on the firewall as shown in the table above. The equivalent CLI commands are:

      FGVM01TM19008000 # config system interface
      FGVM01TM19008000 (interface) # edit port1
      FGVM01TM19008000 (port1) # set mode dhcp
      FGVM01TM19008000 (port1) # end

      FGVM01TM19008000 # config system interface
      FGVM01TM19008000 (interface) # edit port2
      FGVM01TM19008000 (port2) # set ip 192.168.1.1/24
      FGVM01TM19008000 (port2) # end

      FGVM01TM19008000 # config system interface
      FGVM01TM19008000 (interface) # edit port3
      FGVM01TM19008000 (port3) # set ip 192.168.0.1/24
      FGVM01TM19008000 (port3) # set allowaccess http https
      FGVM01TM19008000 (port3) # end

    2. Set a static route on the firewall. You should always configure the default route on the firewall (0.0.0.0 0.0.0.0 Internet IP).
      Figure 5.2: Configure a static route
    3. Set a Firewall Policy from port2 to port1.
      Figure 5.3: Set a Firewall Policy
    4. Set the static IP address in WebTerm1 (192.168.1.2/24).
      Figure 5.4: Configure a static IP address in WebTerm1
  2. Create a user and group. Go to User & Authentication > User Groups and create a group named CaptivePortal.
    Figure 5.5: Create a group

    Go to User & Authentication > User Definition, create a new user, and in step 4 assign the user to the A0ID-CaptivePortal group.

    Figure 5.6: Create a user
    Figure 5.7: Create login credentials
    Figure 5.8: Add user to the group
  3. Go to Network > Interfaces and edit port 2. In the Admission Control section, set:
    • Security mode: Captive Portal
    • Authentication Portal: Local
    • User Access: Restricted to Group; assign the group you created in the previous step.
    Figure 5.9: Configure Captive Portal on port2
  4. Now, open the browser in WebTerm1 and type http://talebi.ca.
    Figure 5.10: Verify Captive Portal
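
A configuration-level check to complement the browser test in step 4, added here as an example and not part of the original book: the Python script below parses a FortiGate configuration backup and reports captive-portal interfaces that have no security-groups set or that reference a user group that is undefined or has no members. The sample configuration is constructed, the user name student1 is hypothetical, and the parser assumes the backup contains no multi-line quoted values.

```python
import re

# Constructed excerpt in FortiOS backup style; "student1" is a hypothetical user.
SAMPLE_CONFIG = '''
config system interface
    edit "port2"
        set ip 192.168.1.1 255.255.255.0
        set security-mode captive-portal
        set security-groups "CaptivePortal"
    next
end
config user group
    edit "CaptivePortal"
        set member "student1"
    next
end
'''

def parse_config(text):
    """Return {table: {entry: {setting: [values]}}} for top-level config tables."""
    tree, table, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # top-level table; nested sub-tables are skipped
                table, entry = tree.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "next":
            entry = None
        elif depth == 1 and tok[0] == "set" and len(tok) > 2 and entry is not None:
            entry[tok[1]] = tok[2:]
    return tree

def audit_captive_portal(text):
    """List findings for interfaces whose security-mode is captive-portal."""
    cfg = parse_config(text)
    groups, findings = cfg.get("user group", {}), []
    for name, s in cfg.get("system interface", {}).items():
        if s.get("security-mode") == ["captive-portal"]:
            allowed = s.get("security-groups", [])
            if not allowed:
                findings.append(f"{name}: no security-groups set")
            findings += [f"{name}: group {g} is missing or empty"
                         for g in allowed if not groups.get(g, {}).get("member")]
    return findings
```

An empty result from audit_captive_portal means every captive-portal interface is restricted to at least one defined group that has members.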

License


FortiGate Firewall Copyright © 2023 by Hamid Talebi is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.
