Hardware and Networks
Creating a FortiNet External Captive Portal
- Your FortiGate firewall must be running FortiOS6.0 or higher. Fydelia was tested on a FortiGate 40F running FortiOS v6.4.6 build6083 (GA)
- Admin access to your FortiGate firewall
- At least one compatible FortiAP device connected to the LAN socket of your FortiGate firewall. In this example we’re using a FortiAP231F. No direct AP configuration is required
CREATE AN SSID
Under “WiFi & Switch Controller” click SSIDs
Click Create New -> SSID
SSID and DHCP
Enter a name for your SSID (you will enter the actual broadcast network name further down)
Also enter your desired IP range for guest devices and enable DHCP:
WIRELESS NETWORK SETTINGS
Pay attention to these steps, as the captive redirect will not work without them
1) SSID Name
Under WiFi Settings enter an SSD Name, such as “Fydelia Test”
2) Security Mode
Under Security Mode, choose “Captive Portal”, then “External”.
You will need to copy/paste in your full Fydelia splash page URL:
As you can see, after login we will redirect the guest to https://google.com
3) User Groups
You must assign a user group. We will just assign it to the default guest group related to the firewall
4) Exempt Destinations/Services
This step ensures that guests are allowed out to the Fydelia.com splash page even though they’re not yet connected to the internet. This is, effectively, the pre-authentication walled garden setting:
Click the + button:
Enter a name, Choose FQDN and enter “ondemand.fydelia.com”
Click OK and Click your newly created entry:
Click OK at the bottom of the screen to save your settings.
It’s likely you already have this set up, but during testing we found that we had to add a policy to route WiFi traffic to the WAN, in order to gain internet access from the AP.
If you do not have a policy set up, create one that links your new SSID to WAN:
You’re all set. Client devices can now authenticate via your Fydelia guest splash page.