Skip to main content

Configure your FortiGate managed Access Points - FortiOS version 7.2 and above

User guide for configuring the Guest WiFi service on your FortiGate managed access points.

Stephanie Desveaux avatar
Written by Stephanie Desveaux
Updated over 2 months ago

⚠️ Important: This guide has been tested with FortiOS versions 7.2 and above.

SSL certificates

To prevent SSL errors on laptops it is recommended you follow the Fortinet guides and deploy a certificate; this will then prevent the messages being generated by connections to your Fortinet controller.

The following URLs may help:

Technical Tip: Preventing certificate warnings using captive portal.

Technical Tip: Using secure authentication (HTTPS) on a FortiGate and redirecting the authentication page.

Guest WiFi configuration

To configure the Guest WiFi via on your Fortigate hardware, first login to your FortiGate web interface, then follow each of the sections below in order.

RADIUS server set up

To configure the RADIUS servers, please follow the steps below:

  1. On the left-hand menu click User & Authentication and then select RADIUS Servers.

  2. Click Create New and configure with:

    • Name: GuestRadius.

    • Primary Server:

      • Europe: radius1-eu.wireless-social.com

      • Americas: radius1-us.wireless-social.com

    • Primary Shared Secret: Please contact Support.

    • Secondary Server:

      • Europe: radius2-eu.wireless-social.com

      • Americas: radius2-us.wireless-social.com

    • Secondary Shared Secret: Please contact Support.

    • Authentication Method: Specify.

    • Method: PAP.

  3. Click OK to Save.

  4. Next, click on User Groups and Create New. Configure with:

    • Name: WS_GuestGroup.

    • Type: Firewall.

  5. Under Remote groups click Create New and under Remote Server choose GuestRadius.

  6. Click OK to Save.

Walled Garden set up

To configure your walled garden, please follow the steps below:

  1. In the left-hand menu, click Policy & Objects and then choose Addresses.

  2. Click Create New and click Address. Configure with:

    • Name: GuestOnline

    • Type: Subnet

    • IP/Netmask: 10.1.0.0/255.255.255.0

    • Interface: any

  3. Click OK to Save.

  4. Next, click Create New and Address again, then configure with:

    • Name: *.wireless-social.com

    • Type: FQDN

    • FQDN: *.wireless-social.com

  5. Click OK to Save.

  6. Repeat Step 4 for all of the following walled garden domains. There may also be other relevant regional accounts if your venue is outside of the UK or US that you will need to add.

  7. Next, under Addresses click Create New then click Address Group. Configure with:

    • Category: IPv4 Group.

    • Group Name: GuestWhitelist.

    • Members: click the + button and select all the domains you added earlier.

  8. Click OK to Save.

Guest SSID and portal redirect set up

To configure your Guest SSID and captive portal redirects, please follow the steps below:

  1. From the left-hand menu, click WiFi & Switch Controller, then select SSIDs.

  2. Click Create New and then click SSID. Configure with:

  3. Click OK to Save.

  4. Next, under Policy & Objects click Firewall Policy.

  5. Click Create New, then configure with:

    • Name: GuestWiFiPolicy.

    • Incoming Interface: _Venue Name Guest WiFi (GuestWiFiInterface).

    • Outgoing Interface: wan1 (your WAN connection).

    • Source: all.

    • Destination Address: GuestWhitelist.

    • Schedule: always.

    • Service: ALL.

    • Action: ACCEPT.

    • Enable this policy: Enabled

  6. Click OK to Save.

  7. From the left-hand menu, click WiFi & Switch Controller, then click SSIDs.

  8. Choose the SSID created earlier, and add the GuestWhitelist you created above to the Exempt destinations/service.

Insights Plus FortiGate Presence set up

To collect data for Insights Plus, follow the below steps:

  1. From the left-and menu, click WiFi & Switch Controller and then select FortiAP Profiles.

  2. Click on the profile your access points (APs) are associated with - you may have more than one.

  3. Scroll down and locate the FortiPresence entry - click to expand the options.

  4. Fill in the details listed below: replacing the Project Name and IP if required.

    • Mode: Foreign and Home Channels.

    • Project name: fortipresence.

    • Password: Unique to your network - provided by Support.

    • FortiPresence server IP: 18.134.187.121.

    • FortiPresence server port: 3000.

    • Report Rogue APs: Enabled.

    • Report unassociated clients: Enabled.

Notify Support once you have completed the configuration and we can monitor for data coming in.

Your login and Insights Plus presence data will appear in the Insights portal within 24 hours.

Related Articles
Configure your Cambium CnPilot managed access points
Configure your Extreme CloudIQ managed access points.
Configure your TP Link Omada access points
Configure your Ruckus Unleashed access points.
Configure your Juniper Mist access points
Did this answer your question?