Creating a guest user group
- To create a guest user group, go to User & Device > User Groups and create a new group.
- Set Type to Guest and set User ID to Email.
- Under Guest Details, enable Require Email, enable Password, and set the password to Auto Generated.
- Under Expiration, set Start Countdown to After First Login and set Time to 5 minutes for testing purposes.
Creating an SSID
- To create an SSID for guest users, go to WiFi & Switch Controller > SSID and create a new SSID.
- Set Traffic Mode to Tunnel. Assign an IP/Network Mask to the interface and enable DHCP Server.
- Under WiFi Settings, set the following:
- Security Mode to Captive Portal
- Portal Type to Authentication
- User Groups to the guest user group
- To broadcast the new SSID, go to WiFi & Switch Controller > FortiAP Profiles and edit the profile used by the FortiAP.
- Under Radio 1 set SSIDs to include the new SSID.
Creating a security policy
- To allow WiFi guest users to access the Internet, go to Policy & Objects > IPv4 Policy and create a new policy.
- Set Incoming Interface to the guest SSID and set Outgoing Interface to your Internet-facing interface. Select Source and set Address to all and User to the guest user group.
- Enable NAT.
Creating a guest user management account
To simplify guest account creation, you can create an admin account that is only used for guest user management. This allows new accounts to be made as needed without requiring full administrative access to the FortiGate. In this example, the account is made for use by receptionist.
- To create the guest management account, go to System > Administrators and create a new account.
- Set a User Name and set Type to Local User. Set and confirm a Password.
- Enable Restrict admin to guest account provisioning only and set Guest Group to the WiFi guest user group.
Creating a guest user account
- Using the receptionist account, create a guest account.
- Set Email to the user’s email address (in the example, ballen@example.com). To test the account, set Expiration to 5 Minutes.
- After you select OK, a User Created Successfully notice appears that shows the new account’s Password. This password can then be printed or emailed to the guest user. You can also view the password by editing the user account.
Results
- On a PC, connect to the guest SSID and attempt to browse the Internet. When the authentication screen appears, log in using the guest user’s credentials.
- After the account is authenticated, you can connect to the Internet.
- Five minutes after the initial login, the guest user account will expire and you will no longer be able to log in using those credentials.
- Use the reception account to log on to the FortiGate. The guest account is listed as Expired.
Comments
Post a Comment
If you any doubt , Please let me know