Configure FortiGate captive portal:
Go to User & Device -> User Definition
Click Create New
Configure user account
Go to User & Device -> User Groups
Click Create New
Configure captive-portal group (for example CP_GROUP)
Go to System -> Network -> Interfaces
Create new interface (according to your topology)
Fill in the required information (addressing mode, IP address, DHCP etc.)
Select Captive Portal under Security Mode
Select the User Groups (CP_GROUP)
Click OK
Now go to Policy & Objects -> Policy -> IPv4
Click Create New
Create the firewall policy according to your needs
Click OK
Now you have a network with captive portal authentication.
Now let's say we want all iPhones to use this network without going through the captive portal. For that, we have to use the CLI to enable the exemption on the policy:
FWG # config firewall policy
FWG (policy) # edit 12
FWG (12) # set captive-portal-exempt enable
FWG (12) # end
The policy ID (12 here) is the ID of the IPv4 policy that we created for this network.
Now return to the web GUI and go to System -> Network -> Interfaces -> LAB (my CP network) and click Edit
Click the '+' sign next to the Exempt List and choose iPhone (or any other type of device/user/group) that you would like to exempt from captive portal authentication.
Click OK
This exemption can be used for many different requirements such as time-management clocks, printers, digital signage etc. which can't authenticate using CP.
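Since a policy with captive-portal-exempt enabled passes matching traffic without authentication, it helps to review which policies carry the flag. The following Python script is an added example, not part of the original post: it reads a configuration backup and returns the policies that have the exemption enabled. The sample configuration is constructed, and the function name exempt_policies is hypothetical.

```python
# Constructed sample of a FortiGate configuration backup (not from the original post).
SAMPLE_CONFIG = '''\
config firewall policy
    edit 11
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
    next
    edit 12
        set srcintf "LAB"
        set dstintf "wan1"
        set action accept
        set captive-portal-exempt enable
    next
end
config firewall address
    edit "all"
    next
end
'''

def exempt_policies(config_text):
    """Return {policy_id: settings} for policies with captive-portal-exempt enabled."""
    policies, depth, in_policy, current = {}, 0, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1                      # track nesting so sub-tables are skipped
            if depth == 1:
                in_policy = (line == "config firewall policy")
        elif line == "end":
            depth -= 1
            if depth == 0:
                in_policy = False
        elif in_policy and depth == 1:
            if line.startswith("edit "):    # start of one policy entry
                current = policies.setdefault(line[5:].strip('"'), {})
            elif line == "next":            # end of that policy entry
                current = None
            elif current is not None and line.startswith("set "):
                key, _, value = line[4:].partition(" ")
                current[key] = value.strip('"')
    return {pid: s for pid, s in policies.items()
            if s.get("captive-portal-exempt") == "enable"}

if __name__ == "__main__":
    for pid, s in exempt_policies(SAMPLE_CONFIG).items():
        print(f"policy {pid} (srcintf={s.get('srcintf')}) bypasses the captive portal")
```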