FortiWLC – Third-Party Captive Portal Solutions

Third-Party Captive Portal Solutions

Instead of using the Fortinet Captive Portal solution, you can use a third-party solution; you cannot use both. Companies such as Bradford, Avenda, and CloudPath all provide Captive Portal solutions that work with FortiWLC (SD) 4.1 and later. There are two places that you need to indicate a third-party captive portal solution, in the corresponding Security Profile and in the Captive Portal configuration.

Configure Third-Party Captive Portal With the Web UI

Indicate that a third-party Captive Portal solution will be used in the Security Profile by setting Captive Portal Authentication Method to external. For complete directions, see Configure a Security Profile With the Web UI.

Indicate that a third-party Captive Portal solution will be used in the Captive Portal configuration by setting Captive Portal External URL to the URL of the Captive Portal box:

Third-Party Captive Portal Solutions

1. Click Configuration > Security > Captive Portal.
2. Change the value for CaptivePortal External URL to the URL of the third-party box.
3. Click OK.

Configure Third-Party Captive Portal With the CLI

Configure an SSL server before configuring third-party captive portal in the security profile. For example, example of SSL server configuration:

controller1# show ssl‐server Captive Portal

Name                                         : Captive Portal

Server Port                                  : 10101

User Authentication Protocol                 : None

Server Lifetime                              : 100

Server IP                                    : 172.18.37.223

Certificate                                  :

Authentication Type                          : radius Primary Profile                              : IDAU1721946201

Secondary Profile                            :

Primary Profile                              : IDAC1721946201 Secondary Profile                            :

Accounting Interim Interval (seconds)        : 60

CaptivePortalSessionTimeout                  : 0 CaptivePortalActivityTimeout                 : 0 Protocol                                     : https

Portal URL                                   :

CaptivePortal External URL                   : https://172.19.46.201/portal/

172.18.37.223?meruInitialRedirect

CaptivePortal External IP                    : 172.18.37.223

L3 User Session Timeout(mins)                : 1

Apple Captive Network Assistant (CNA) Bypass : on Example of configuring SSID with external captive portal:

controller1# configure terminal  controller1(config)# security‐profile CPExternal

controller1(config‐security)# captive‐portal‐auth‐method external controller1(config‐security)# passthrough‐firewall‐filter‐id IDMAUTH controller1(config)# essid CaptivePortal‐External

controller1(config‐essid)# security‐profile CaptivePortal‐External controller1(config‐essid)# end

Third-Party Captive Portal Solutions