
Fortinet (FortiGate)


Important

IMPORTANT: You need FortiOS v5.6 or above in order to proceed.

Configuration

Please log in to your FortiGate web interface and click User & Device > RADIUS Servers on the left menu. Click Create New and configure with:

Name: guestradius
Primary Server: *insert radius_server here*
Primary Shared Secret: *insert radius_secret here*
Secondary Server: *insert radius_server2 here*
Secondary Shared Secret: *insert radius_secret here*
Authentication Method: Specify
Method: PAP

Click OK to Save. Next, click on User Groups and Create New. Configure with:

Name: guestgroup
Type: Firewall

Under Remote groups click Create New and under Remote Server choose guestradius. Click OK to Save.

Next, click Policy & Objects > IP. Click Create New > Address. Configure with:

Category: Address
Name: guestonline
Type: IP/Netmask
Subnet / IP Range: 10.1.0.0/255.255.255.0
Interface: any
Show in Address List: Enabled

Click OK to Save. Next, click Create New > Address again and add each required domain as per below. Please refer to this list.

Category: Address
Name: *insert domain here*
Type: FQDN
FQDN: *insert domain here*

Click OK to Save. Repeat the steps above for each domain.

Next, under Addresses click Create New > Address Group. Configure with:

Category: IPv4 Group
Group Name: guestwhitelist
Members: click the + button and select all the domains you added earlier.

Click OK to Save.
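
The per-domain address objects and the guestwhitelist group can also be generated as FortiOS CLI text rather than entered one by one; the script below is an added example (not Purple's or Fortinet's own tooling) that builds the `config firewall address` and `config firewall addrgrp` blocks and refuses any entry that is not a plain FQDN, so nothing unintended ends up exempt from the captive portal. The function names are hypothetical and the sample domains are constructed placeholders; use the domains from the list the article refers to.

```python
import re

# Hostname syntax per RFC 1123: dot-separated labels, 1-63 chars each,
# letters/digits/hyphens only, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalise_domains(domains):
    """Lower-case, trim and de-duplicate (order kept); raise on invalid names."""
    seen, bad = [], []
    for raw in domains:
        d = raw.strip().lower().rstrip(".")
        if not d:
            continue  # skip blank lines in the input list
        labels = d.split(".")
        if len(d) > 253 or len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
            bad.append(raw)  # wildcards, quotes, spaces, bare words, ...
        elif d not in seen:
            seen.append(d)
    if bad:
        raise ValueError(f"not plain FQDNs, refusing to whitelist: {bad}")
    return seen


def build_whitelist_cli(domains, group="guestwhitelist"):
    """Return FortiOS CLI text: one FQDN address per domain, then the group."""
    names = normalise_domains(domains)
    if not names:
        raise ValueError("empty domain list")
    out = ["config firewall address"]
    for d in names:
        # Object name equals the domain, as in the GUI steps above.
        out += [f'    edit "{d}"', "        set type fqdn",
                f'        set fqdn "{d}"', "    next"]
    out += ["end", "config firewall addrgrp", f'    edit "{group}"',
            "        set member " + " ".join(f'"{d}"' for d in names),
            "    next", "end"]
    return "\n".join(out)


# Constructed sample input; the real list is the one the article links to.
SAMPLE = ["portal.example.com", "CDN.example.net ", "portal.example.com"]

if __name__ == "__main__":
    print(build_whitelist_cli(SAMPLE))
```

Review the generated text before pasting it into the FortiGate CLI, since every member of guestwhitelist is reachable before authentication.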

Next, click WiFi & Switch Controller > SSID on the left. Click Create New > SSID. Configure with:

Interface Name: guestwifi
Type: WiFi SSID
Traffic Mode: Tunnel to Wireless Controller
Address: 10.1.0.1/255.255.255.0
DHCP Server: Enabled
DNS Server: Specify: 8.8.8.8
SSID: Guest WiFi (or whatever you wish)
Security Mode: Captive Portal
Portal Type: Authentication
Authentication Portal: External *insert access_url here*
User Groups: guestgroup
Broadcast SSID: Enabled
Block Intra-SSID Traffic: Enabled
Exempt Destinations/Services: guestwhitelist
Redirect after Captive Portal: Specific URL: *insert redirect_url here*

Click OK to Save. Next, under IPv4 Policy click Create New. Configure with:

Name: guestwifi
Incoming Interface: Guest WiFi (guestwifi)
Outgoing Interface: wan1 (your WAN connection)
Source: all
Destination Address: guestwhitelist
Schedule: always
Service: ALL
Action: ACCEPT
Enable this policy: Enabled

Click OK to Save. Click Create New again and configure with:

Name: guestwifionline
Incoming Interface: Guest WiFi (guestwifi)
Outgoing Interface: wan1 (your WAN connection)
Source: guestonline
Destination Address: all
Schedule: always
Service: ALL
Action: ACCEPT
Enable this policy: Enabled

Click OK to Save.
