Bienvenido a Soporte Purple

SonicWall Appliance/AP

  • Actualización

NOTE: We recommend v7.1.2-7019 and above.  Due to a known issue, versions 7.0.1-5151, 7.1.1-7051 and 7.1.1-7058 are not compatible.

Log in to your SonicWall firewall and click Network at the top. Under IPSEC VPN > Rules and Settings > Settings ensure the Unique Firewall Identifier is the original serial number of the device.

 

Next, go to Device > Users > Settings and on the Authentication tab configure with:

  • User authentication method: RADIUS + Local Users

Click the Configure RADIUS button. Under the Settings header > RADIUS Servers sub-header click ADD... and configure with:

 

On the Settings tab:

  • Host Name or IP Address: *insert radius_server here*
  • Port: 1812
  • Shared Secret: *insert radius_secret here*
  • Confirm Shared Secret: as above

 

On the Advanced tab:

  • User Name Format: Name@Domain

Click Save.  Click ADD... again and configure exactly as above with the following change:

  • Host Name or IP Address: *insert radius_server2 here*

 

Click Save again. On the RADIUS Users header:

  • Default user group to which all RADIUS users belong: Guest Services

 

Finally, click Save. Next, under RADIUS Accounting Configuration, under the Servers tab click ADD... and configure with:

On the Settings tab:

  • Host Name or IP Address: *insert radius_server here*
  • Port: 1813
  • Shared Secret: *insert radius_secret here*
  • Confirm Shared Secret: as above

On the Advanced tab:

  • User Name Format: Name@Domain

Click Save.  Click ADD... again and configure exactly as above with the following change:

  • Host Name or IP Address: *insert radius_server2 here*

Click Save again. On the User Accounting tab configure:

  • Guest users: Enabled
  • Include: Domain and local users
  • Send interim updates: Every 2 minutes

Click Save.

Next, go to Object > Match Objects > Address Objects and click Add at the top. Here, you will need to add multiple rules to allow pre-authentication traffic to be permitted. For each of the domains you need to add a rule as follows, changing the Name and FQDN Hostname each time. Please refer to this list.

  • Name: *domain here*
  • Zone Assignment: WAN
  • Type: FQDN
  • FQDN Hostname: *domain here*

Once all the required entries are added click on the Address Groups tab and Add at the top. Enter a name of guestwifi and then for each of the entries you created above click the -> arrow to move them to the right hand box. Click OK to save.

 

Next, go to Object > Match Object Zones and edit the zone you are using for your guest users (typically the WLAN zone). Under the Guest Services tab configure with:

  • Enable Guest Service: Enabled
  • Enable Captive Portal Authentication: Enabled

Configure the following:

  • External Captive Portal Vendor URL: *insert access_url here*
  • Captive Portal Welcome URL Source: Custom
  • Custom Captive Portal Welcome URL Source: *insert redirect_url here*
  • Session Timeout Source: From Radius
  • Idle Timeout Source: From Radius
  • Radius Authentication Method: PAP Cleartext

 

Click Save.

 

Finally, if you are using SonicWall Access Points be sure to create an open SSID to enable guest users to connect.

The configuration is now complete.

 

IMPORTANT NOTE: You need to add the Unique Firewall ID (LAN MAC address) as well as the WAN MAC address of the Fortigate to the portal under the Venue > Hardware tab. This is to ensure we are able to accept traffic from the device. Additionally, you'll need to set the interface IP (residing on the firewall) that guest users have as their default gateway under the Venue > Options tab > SonicWall guest user gateway IP heading. Without this the login will fail.

 

 

-------

The following is for SonicOS v6.x. Scroll to the top for Sonic OS v7.0 or above. 

 

 

Log in to your SonicWall firewall and click Manage at the top. On the left menu, click on VPN > Base Setting and ensure the Unique Firewall Identifier is the original serial number of the device (as shown on the Licenses page).

 

Next, click on Users > Settings on the left menu and on the Authentication tab at the top configure with:

  • User authentication method: RADIUS + Local Users

Click the Configure RADIUS button. Under the Settings header > RADIUS Servers sub-header click ADD...

 

On the Settings tab:

  • Host Name or IP Address: *insert radius_server here*
  • Port: 1812
  • Shared Secret: *insert radius_secret here*
  • Confirm Shared Secret: as above

 

On the Advanced tab:

  • User Name Format: Name@Domain

Click Save.  Click ADD... again and configure exactly as above with the following change:

  • Host Name or IP Address: *insert radius_server2 here*

 

Click Save again. On the RADIUS Users header:

  • Default user group to which all RADIUS users belong: Guest Services

 

Finally, click OK to save. Next, on the Accounting tab at the top configure with:

  • Send RADIUS Accounting information: Enabled

Under RADIUS Accounting Servers click ADD... and configure with:

  • Host Name or IP Address: *insert radius_server here*
  • Port: 1813
  • Shared Secret: *insert radius_secret here*
  • Confirm Shared Secret: as above
  • User Name Format: Name@Domain

Click Save. Click ADD... again and configure exactly as above with the following change:

  • Host Name or IP Address: *insert radius_server2 here*

Click Save again.

  • Send accounting data for: Guest Users
  • Include: Domain and local users
  • Send interim updates: Every 2 minutes

Click Accept at the bottom to save changes. Next, on the left menu click on Objects > Address Objects and click Add at the top. Here, you will need to add multiple rules to allow pre-authentication traffic to be permitted. For each of the domains you need to add a rule as follows, changing the Name and FQDN Hostname each time. Please refer to this list.

  • Name: *domain here*
  • Zone Assignment: WAN
  • Type: FQDN
  • FQDN Hostname: *domain here*

Once all the required entries are added click on the Address Groups tab and click Add at the top. Enter a name of guestwifi and then for each of the entries you created above click the -> arrow to move them to the right hand box. Click OK to save.

 

Next, on the left menu click on Network > Zones and edit the zone you are using for your guest users (typically the WLAN zone). Under the Guest Services tab configure with:

  • Enable Guest Services: Enabled

 

Enable the Captive Portal Authentication checkbox and click Configure. Set the following:

  • External Captive Portal Vendor URL: *insert access_url here*
  • Auto Relay Login Credential to SonicWall: Enabled
  • Captive Portal Welcome URL Source: Custom
  • Custom Captive Portal Welcome URL: *insert redirect_url here*
  • Session Timeout Source: From Radius
  • Idle Timeout Source: From Radius
  • Radius Authentication Method: PAP - ClearText

 

Click OK to save.

 

Enable the Pass Networks checkbox and select guestwifi from the dropdown. Be sure to also set the Max Guests option to a suitable concurrent number else new guest users might be denied access.

 

Click OK to save. Finally, if you are using SonicWall Access Points be sure to create an open SSID to enable guest users to connect.

 

IMPORTANT NOTE: You need to add the Unique Firewall ID (LAN MAC address) as well as the WAN MAC address of the Fortigate to the portal under the Venue > Hardware tab. This is to ensure we are able to accept traffic from the device. Additionally, you'll need to set the interface IP (residing on the firewall) that guest users have as their default gateway under the Venue > Options tab > SonicWall guest user gateway IP heading. Without this the login will fail.

The configuration is now complete.

Compartir en línea
¿Fue útil este artículo?
Usuarios a los que les pareció útil: 0 de 0