FortiGate/FortiWiFi

1. Access the device’s configuration panel

2. Device configuration

2.1 RADIUS configuration

User&Device → Radius Servers → Create New

  • Name: sw_radius
  • Primary Server IP/Name: 35.205.62.147
  • Primary Server Secret: Radius Secret available in Access Points tab of the Social WiFi Panel
  • Secondary Server IP/Name: [leave field empty]
  • Secondary Server Secret: [leave field empty]
  • Authentication Method: Specify
  • Method: PAP
  • NAS IP: [leave field empty]
  • Include in every User Group: unchecked

Press OK to save.

  • Open the CLI Console (top right corner, between “help” and your username)

  • Type in config system global and press Enter.
  • Type in set radius-port 31812 and press Enter.
  • Type in end and press Enter.
  • Close the CLI Console

User & Device → User Groups → Create New

  • Name: sw_guest
  • Type: Firewall
  • Members:
  • Remote Group: Add
  • Remote Server: sw_radius


Press OK to save.

2.2 Captive Portal/Walled Garden configuration

Policy & Object → Addresses → Create New → Address

Template:

  • Name: [Domain name]
  • Color: [Any]
  • Type: FQDN
  • FQDN: [Domain name]
  • Interface: [name of your guest network]
  • Show in Address List: On/Green
  • Static Route Configuration: Off/Grey
  • Comment: [Any]

Add the following entries for each login platform you want to use:

SocialWiFi (mandatory)
  • login.socialwifi.com
  • sw-login.com
  • socialwifi.com
Facebook
  • facebook.com
  • www.facebook.com
  • m.facebook.com
  • scontent-lhr3-1.xx.fbcdn.net
  • fbstatic-a.akamaihd.net
  • connect.facebook.net
Twitter
  • twitter.com
  • www.twitter.com
  • api.twitter.com
  • abs.twimg.com
  • abs-0.twimg.com
LinkedIn
  • linkedin.com
  • www.linkedin.com
  • touch.linkedin.com
Google
  • accounts.google.com
  • fonts.google.com
  • ssl.gstatic.com

###Policy & Object → Addresses → Create New → Address Group

  • Category: IPv4 Group
  • Group Name: walledgarden
  • Members: Click and add all domains added in the previous step

Press OK to save.

WiFi & Controller → SSID → Create New → SSID
  • Interface Name: guestwifi
  • Type: WiFi SSID
  • Traffic Mode: Tunnel
  • IP/Network Mask: 10.8.0.1/16
  • DHCP Server: On/Green
  • Address Range: Create New
  • Staring IP: 10.8.0.2 End IP: 10.8.255.254 (should be set automatically once you specify IP/Network Mask)
  • Netmask: 255.255.0.0
  • DNS Server: Specify, 8.8.8.8
  • SSID: [name of your guest network]
  • Security Mode: Captive Portal
  • Portal Type: Authentication
  • Authentication Portal: External, http://login.socialwifi.com/
  • User Groups: sw_guest
  • Redirect after Captive Portal: Original request
  • Broadcast SSID: On/Green
  • Block Intra-SSID Traffic: On/Green


3. Adding the device to Social WiFi Panel

  • Access your account in the Social WiFi Panel.
  • Choose the correct venue to which you would like to add the device.
  • In the “Access Points” tab, press “Add” (upper right corner), paste the MAC address you copied into the form (adding a name is optional) and click “Create”.

4. Test the solution

Tags

Comments are closed