Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Defining a wireless network interface (SSID)<br />
Configuring a WiFi LAN<br />
Security Mode<br />
Select the security mode for the wireless interface. <strong>Wireless</strong> users must use the same<br />
security mode to be able to connect to this wireless interface. Additional security mode<br />
options are available in the CLI. For more information, see Configuring security on<br />
page 36.<br />
Captive Portal – authenticates users through a customizable web page.<br />
WPA2-Personal – WPA2 is WiFi Protected Access version 2. There is one pre-shared<br />
key (password) that all users use.<br />
WPA2-Personal with Captive Portal – The user will need to know the pre-shared<br />
key and will also be authenticated through the custom portal.<br />
WPA2-Enterprise – similar to WPA2-Personal, but is best used for enterprise<br />
networks. Each user is separately authenticated by user name and password.<br />
Pre-shared Key<br />
Authentication<br />
Available only when Security Mode is WPA2-Personal. Enter the encryption key that<br />
the clients must use.<br />
Available only when Security Mode is WPA2-Enterprise.<br />
Select one of the following:<br />
RADIUS Server — Select the RADIUS server that will authenticate the clients.<br />
Local – Select the user group(s) that can authenticate.<br />
Portal Type<br />
Authentication<br />
Portal<br />
User Groups<br />
Exempt List<br />
Customize Portal<br />
Messages<br />
Redirect after<br />
Captive Portal<br />
Allow New WiFi<br />
Client<br />
Connections<br />
When Controller<br />
Is Down<br />
Available only when Security Mode is Captive Portal. Choose the captive portal<br />
type. Authentication is available with or without a usage policy disclaimer notice.<br />
Local - portal hosted on the FortiGate unit<br />
External - enter FQDN or IP address of external portal<br />
Select permitted user groups for captive portal authentication.<br />
Select exempt lists whose members will not be subject to captive portal<br />
authentication.<br />
Click the listed portal pages to edit them.<br />
Optionally, select Specific URL and enter a URL for user redirection after captive<br />
portal authentication. By default, users are redirected to the URL that they originally<br />
requested.<br />
This option is available for local bridge SSIDs with WPA-Personal security. See WiFi-<br />
Ethernet Bridge Operation on page 78.<br />
34 <strong>Deploying</strong> <strong>Wireless</strong> <strong>Networks</strong> for <strong>FortiOS</strong> 5.4<br />
Fortinet Technologies Inc.