Chapter 5 – Authentication

5-1 Captive Portal

Learning Objectives

  • Configure a Captive Portal
Scenario: We plan to enable Captive Portal on port2. Users who want to connect to the Internet must first enter their username and password; only then are they allowed to browse the Internet.
Figure 5-1: main scenario
Table 5-1: Devices configuration

Device          IP address                  Access
WebTerm1        192.168.1.2/24
FortiGate       Port 1: DHCP Client         ICMP, HTTP, HTTPS
                Port 2: 192.168.1.1/24
                Port 3: 192.168.0.1/24
WebTerm(FMC)    192.168.0.2/24

Step 1- Prerequisites

  • Set the IP addresses on the firewall as shown in the table above. The equivalent CLI commands are as follows:

FGVM01TM19008000 # config system interface
FGVM01TM19008000 (interface) # edit port1
FGVM01TM19008000 (port1) # set mode dhcp
FGVM01TM19008000 (port1) # end

FGVM01TM19008000 # config system interface
FGVM01TM19008000 (interface) # edit port2
FGVM01TM19008000 (port2) # set ip 192.168.1.1/24
FGVM01TM19008000 (port2) # end

FGVM01TM19008000 # config system interface
FGVM01TM19008000 (interface) # edit port3
FGVM01TM19008000 (port3) # set ip 192.168.0.1/24
FGVM01TM19008000 (port3) # set allowaccess http https
FGVM01TM19008000 (port3) # end

  • Set a static route in the firewall. You should always set the default route in the firewall (0.0.0.0 0.0.0.0 → Internet IP).
Figure 5-2: Configure a static route
  • Set a Firewall Policy from port2 to port1.
Figure 5-3: Set a firewall policy
  • Set the static IP address on WebTerm1 (192.168.1.2/24).
Figure 5-4: configure a static IP address in WebTerm1

Step 2 – Create a user and group

Go to User & Authentication > User Groups and create a group named CaptivePortal.

Figure 5-5: Create a group

Go to User & Authentication > User Definition, create a new user, and assign your user in step 4 to the A0ID-CaptivePortal group.

Figure 5-6: Step1- Create a user
Figure 5-7: Step2- Create a Login Credentials
Figure 5-8: Step3- Add User to the Group

Step 3

Go to Network > Interfaces and edit port2. In the Admission Control section, set:

  • Security mode: Captive Portal
  • Authentication Portal: Local
  • User Access: Restricted to Group, then select the group you created in the previous step.
Figure 5-9: Configure Captive Portal on port 2
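
The GUI settings from Steps 2 and 3 can also be applied from the CLI, as was done for the interfaces in Step 1. The following is an added example, not part of the original chapter: the user name user1 and the <password> placeholder are assumptions, the group name CaptivePortal is taken from Step 2, and the # lines are annotations rather than commands.

```fortios
# Step 2: create a local user and the group that may use the portal.
# "user1" and <password> are placeholders (assumptions, not from the chapter).
config user local
    edit "user1"
        set type password
        set passwd <password>
    next
end

config user group
    edit "CaptivePortal"
        set member "user1"
    next
end

# Step 3: enable the captive portal on port2 and restrict it to the group.
# Leaving security-groups unset would let any valid user authenticate,
# so the group restriction is what enforces "Restricted to Group".
config system interface
    edit "port2"
        set security-mode captive-portal
        set security-groups "CaptivePortal"
    next
end

# Confirm the interface settings were saved.
show system interface port2

# After a login through the portal, list authenticated users and source IPs.
diagnose firewall auth list
```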

Step 4

Now, open the browser on WebTerm1 and go to http://talebi.ca

Figure 5-10: Verify Captive Portal
