Welcome to Purple Support

Fortinet (FortiGate)

IMPORTANT: You need FortiOS v5.6 or above in order to proceed.

 

Please log in to your FortiGate web interface and click User & Device > RADIUS Servers on the left menu. Click Create New and configure with:

  • Name: guestradius
  • Primary Server: *insert radius_server here*
  • Primary Shared Secret: *insert radius_secret here*
  • Secondary Server: *insert radius_server2 here*
  • Secondary Shared Secret: *insert radius_secret here*
  • Authentication Method: Specify
  • Method: PAP

Click OK to Save. Next, click on User Groups and Create New. Configure with:

  • Name: guestgroup
  • Type: Firewall

Under Remote groups click Create New and under Remote Server choose guestradius. Click OK to Save.

Next, click Policy & Objects > IP. Click Create New > Address. Configure with:

  • Category: Address
  • Name: guestonline
  • Type: IP/Netmask
  • Subnet / IP Range: 10.1.0.0/255.255.255.0
  • Interface: any
  • Show in Address List: Enabled

Click OK to Save. Next, click Create New > Address again and add each required domain as per below. Please refer to this list.

  • Category: Address
  • Name: *insert domain here*
  • Type: FQDN
  • FQDN: *insert domain here*

Click OK to Save.

Repeat the steps above for each domain.

Next, under Addresses click Create New > Address Group. Configure with:

  • Category: IPv4 Group
  • Group Name: guestwhitelist
  • Members: click the + button and select all the domains you added earlier.

Click OK to Save.
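The per-domain address objects and the guestwhitelist group can also be entered through the FortiOS CLI instead of the web interface. The script below is an added example, not part of the original article or any vendor tooling: it builds those CLI commands from a domain list and rejects any entry that is not a plain FQDN, because every member of guestwhitelist is exempt from the captive portal. The function names and sample domains are assumptions made for illustration.

```python
import re

# RFC 1123 hostname label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize_fqdn(entry):
    """Return a lower-cased FQDN, or raise ValueError for anything else."""
    name = entry.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        raise ValueError(f"not a fully qualified domain name: {entry!r}")
    if not all(_LABEL.fullmatch(label) for label in labels):
        # Catches URLs, paths, ports, wildcards and embedded whitespace.
        raise ValueError(f"invalid characters in: {entry!r}")
    if labels[-1].isdigit():
        raise ValueError(f"IP address, not an FQDN: {entry!r}")
    return name

def build_whitelist_cli(domains, group="guestwhitelist"):
    """Emit FortiOS CLI: one FQDN address object per domain, plus the group."""
    names = []
    for d in domains:
        fqdn = normalize_fqdn(d)
        if fqdn not in names:  # drop duplicates, keep first-seen order
            names.append(fqdn)
    if not names:
        raise ValueError("empty domain list")
    lines = ["config firewall address"]
    for n in names:
        # As in the GUI steps, the object name is the domain itself.
        lines += [f'    edit "{n}"', "        set type fqdn",
                  f'        set fqdn "{n}"', "    next"]
    lines += ["end", "config firewall addrgrp", f'    edit "{group}"',
              "        set member " + " ".join(f'"{n}"' for n in names),
              "    next", "end"]
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed sample list; use the domains required for your portal.
    sample = ["portal.example.com", "Portal.Example.com.", "cdn.example.net"]
    print(build_whitelist_cli(sample))
```

Review the generated commands before pasting them into the CLI, and keep the list limited to the domains the portal actually requires.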

Next, click WiFi & Switch Controller > SSID on the left. Click Create New > SSID. Configure with:

  • Interface Name: guestwifi
  • Type: WiFi SSID
  • Traffic Mode: Tunnel to Wireless Controller
  • Address: 10.1.0.1/255.255.255.0
  • DHCP Server: Enabled
  • DNS Server: Specify: 8.8.8.8
  • SSID: Guest WiFi (or whatever you wish)
  • Security Mode: Captive Portal
  • Portal Type: Authentication
  • Authentication Portal: External: *insert access_url here*
  • User Groups: guestgroup
  • Broadcast SSID: Enabled
  • Block Intra-SSID Traffic: Enabled
  • Exempt Destinations/Services: guestwhitelist
  • Redirect after Captive Portal: Specific URL: *insert redirect_url here*

Click OK to Save. Next, under IPv4 Policy click Create New. Configure with:

  • Name: guestwifi
  • Incoming Interface: Guest WiFi (guestwifi)
  • Outgoing Interface: wan1 (your WAN connection)
  • Source: all
  • Destination Address: guestwhitelist
  • Schedule: always
  • Service: ALL
  • Action: ACCEPT
  • Enable this policy: Enabled

Click OK to Save. Click Create New again and configure with:

  • Name: guestwifionline
  • Incoming Interface: Guest WiFi (guestwifi)
  • Outgoing Interface: wan1 (your WAN connection)
  • Source: guestonline
  • Destination Address: all
  • Schedule: always
  • Service: ALL
  • Action: ACCEPT
  • Enable this policy: Enabled

Click OK to Save.