1. Setup the Fortigate Hostname
In the settings, under the tab Dashboard / System Information you need to change the hostname with the Fortigate MAC Address.
Add the RADIUS server
Under the tab User&Device / RADIUS Servers you need to create a record for primary RADIUS server with the following settings :
Then, you need to configure a FortiGate unit to send accounting interim updates to the Kiwire™ server to update the status of an active session. In the CLI console, run the following command:
config user radius
edit [name] #name Kiwire
set status enable
set server [IP] # IP of Kiwire
set secret [secret] # shared secret key
set acct-interim-interval [duration] #duration between each interim update (600 to 86400 seconds)
Here is the sample output:
You can also test a Fortigate user authentication to Kiwire™ server. Below is the RADIUS diagnostic command :
Fortigate # diagnose test authserver radius radius-server pap user1 password1
Here is the sample output:
As the next step, you need to create a user in User&Device / User Definition with the following settings:
In User&Device / User Groups you need to create an authentication group:
3. Create the Hotspot Interface
Go to System > Network > Interface to create the interface with the following settings:
4. Create a “WALLED GARDEN”
To allow the user to get the content through the Kiwire™ Page to connect you need to allow specific IP addresses. To do so, go to Policy & Objects / Addresses. You can create required records based on the table below. You can merge them under one title to make it more clean to understand and allow better management. Specific records for Google, Facebook and Twitter should be created only when you use social networks for authentication.
Also, adding the synchroweb socialgate
Go to Policy & Objects > Objects > Addresses and create an address for the captive portal.
Go to Policy & Objects > Policy > IPv4. Create a security policy for unauthenticated users that allows access only to the captive portal and other wallgarden addresses.
In the CLI, enable bypass of the captive portal so that the user can make the initial contact with the external server.
5. Create the Internet access security policy
The first rule for allowing the access to selected sources for not-authenticated users.
The second rule for access to the DNS service to the master subnet.
To redirect user after login to a specific URL, edit the system interface and set the security-redirect-url
1. Login to Kiwire™ Captive Portal; http://Kiwire_IP_Address/admin
2. Go to Device > NAS and add NAS for FortiAP
3. Go to Device > Zone and create a zone for the FortiWiFi. We can assign the zone based on NAS ID, VLAN, IP address, or SSID.
4. After that, edit the zone and click Add and add the Fortigate MAC address in the NAS ID field.