Created on 08-12-2019 08:19 AM Edited on 12-16-2021 02:36 AM By Anonymous
Description
This article describes how to set up captive portal authentication for non-domain users/machines alongside an existing FSSO setup for domain users.
Solution
The setup requires FSSO-based authentication, and either a System local or an LDAP authentication should be created for non-domain machines/users.
For FSSO setup, please refer to the cookbook here.
After the FSSO setup, create a User definition/group on the firewall using either LDAP authentication or System local.
Next, the firewall policy for non-domain machines/users has to be created below the FSSO-based policy.
In the example below, Policy ID 1 was created for domain users with FSSO authentication and Policy ID 2 was created for non-domain machines/users with captive portal authentication.
# diagnose firewall auth list

172.31.128.58, bob
        src_mac: 00:61:65:67:3a:01
        type: fw, id: 0, duration: 318, idled: 6
        expire: 239, allow-idle: 300
        flag(20): idle
        server: LDAP
        packets: in 709 out 429, bytes: in 670088 out 62470
        group_id: 2
        group_name: Non Domain Machines/users

----- 1 listed, 0 filtered -----
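To confirm that each session was authenticated by the intended mechanism, the diagnose firewall auth list output can be parsed and each entry's type checked against its group. The following is an added example, not part of the original article or Fortinet code; the second (FSSO) entry in the sample, its group and server names, and the function names are constructed assumptions.

```python
import re

# Constructed sample: the first entry is the one shown in this article; the
# second (an FSSO logon for a domain user) is an assumed illustration.
SAMPLE = """\
172.31.128.58, bob
        src_mac: 00:61:65:67:3a:01
        type: fw, id: 0, duration: 318, idled: 6
        expire: 239, allow-idle: 300
        flag(20): idle
        server: LDAP
        packets: in 709 out 429, bytes: in 670088 out 62470
        group_id: 2
        group_name: Non Domain Machines/users

10.1.100.20, alice
        type: fsso, id: 0, duration: 120, idled: 3
        server: FSSO-Agent
        group_id: 1
        group_name: Domain Users
----- 2 listed, 0 filtered -----
"""

HEADER = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}), (\S.*)$")

def parse_auth_list(text):
    """Return one dict per session: ip, user, type, server, group_name."""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:                                   # unindented "ip, user" starts an entry
            cur = {"ip": m.group(1), "user": m.group(2).strip()}
            entries.append(cur)
        elif cur is not None and line[:1].isspace() and ":" in line:
            key, _, rest = line.strip().partition(":")
            if key == "type":                   # "type: fw, id: 0, ..." -> keep "fw"
                cur["type"] = rest.split(",")[0].strip()
            elif key in ("server", "group_name"):
                cur[key] = rest.strip()
    return entries

def unexpected_method(entries, portal_groups):
    """Flag sessions whose type differs from the expected one: 'fw' for portal groups, else 'fsso'."""
    bad = []
    for e in entries:
        want = "fw" if e.get("group_name") in portal_groups else "fsso"
        if e.get("type") != want:
            bad.append((e["ip"], e["user"], e.get("type"), want))
    return bad
```

An empty result from unexpected_method(parse_auth_list(output), {"Non Domain Machines/users"}) means every non-domain session came in through the captive portal policy and every other session through FSSO.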