Captive Portal security
Captive Portal security provides an access point that initially appears open. The wireless client can connect to the AP with no security credentials. The AP responds to the client’s first HTTP request with a web page requesting user name and password. Until the user enters valid credentials, no communication beyond the AP is permitted.
The wireless controller authenticates users through the FortiGate user accounts. In the SSID configuration, you select the user groups that are permitted access through the captive portal.
The captive portal contains the following web pages:
• Login page—requests user credentials
• Login failed page—reports that the entered credentials were incorrect and enables the user to try again.
• Disclaimer page—is a statement of the legal responsibilities of the user and the host organization to which the user must agree before proceeding.
• Declined disclaimer page—is displayed if the user does not agree to the statement on the Disclaimer page. Access is denied until the user agrees to the disclaimer.
These pages are defined in replacement messages. Defaults are provided. In the web-based manager, you can modify the default messages in the SSID configuration by selecting Customize Portal Messages. Each SSID can have its own unique portal content.
To configure Captive Portal security - web-based manager
1. Configure user groups as needed in User & Device > User > User Groups.
2. Go to WiFi Controller > WiFi Network > SSID and edit your SSID entry.
3. In Security Mode, select Captive Portal.
4. Optionally, select Customize Portal Messages and modify the portal pages that users of this SSID will see.
5. In User Groups, select the group(s) that are allowed to use the wireless network and move them to the Selected list.
6. Select OK.