Setting up a captive portal on Fortinet routers has never been easier with Spotipo's cloud-based solution. This step-by-step guide shows you how to configure your Fortinet captive portal to collect customer data, manage guest access, and transform your WiFi network into a powerful marketing tool.
Fortinet routers are popular choices for businesses needing reliable networking solutions, and when combined with Spotipo's advanced captive portal software, they create a seamless guest WiFi experience. Whether you're running a café, hotel, or retail location, this Fortinet Spotipo integration will help you maximize your guest WiFi's potential.
By following this Fortinet hotspot setup guide, you'll learn how to configure the necessary settings, install required packages, and connect your router to Spotipo's marketing platform. The entire process takes just a few minutes and requires no advanced technical knowledge.
Create Fortinet Site in Spotipo
A Site represents each location. A site can have multiple routers (of the same type)
Go to Site Selector on the top right corner and use the Create A New location button. Select the device type as Fortinet.
Find Fortinet Settings in Spotipo
Once your site has been created, locate the Fortinet Config screen under settings. Here you will be presented with configuration details necessary to configure your Fortinet router with Spotipo.
Configure Fortinet Router
RADIUS Server Configuration
First step in configuring your router is to go into Users & Authentication -> RADIUS Servers . From here, click on Create new button. From there, enter the RADIUS Server's IP address and Secret generated on your Spotipo site's configuration page.
NOTE: Once you've entered data for your RADIUS server, a pop-up saying "Invalid Secret for the server" will appear. You can ignore that message
Once you've entered the configured the necessary details for the RADIUS server, open your CLI terminal, by clicking the Edit in CLI button.
In CLI, copy the following commands:
set acct-interim-interval 300
set radius-coa enable
config accounting-server
edit 1
set status enable
set server "<FROM SPOTIPO>"
set port 1813
set secret <your_secret>
next
end
NOTE: Make sure that "set server" and "set secret" lines match with your specific data generated in Spotipo
Without this step, you will experience issues in communicating with our RADIUS server.
User Group Configuration
Next up, we need to configure User groups. To do that, go to User & Authentication -> User Groups and once again, create a new User Group by clicking on the Create New button.
When creating a new user group, set type as Firewall. Under remote groups, Add a Radius server group that you've created in the last step.
Authentication Settings Configuration
Under User & Authentication -> Authentication Settings you need to set the Captive portal type to FQDN, and enable captive portal. Also set the address of captive portal to app.spotipo.com.
Also, set protocol support to both HTTP and HTTPS.
Configure Correct Interface
Next step is located under Network->Interfaces. This will enable the Captive portal on the desired interface.
Select the desired interface that you'd like to use (You can do this for both LAN or VLAN interfaces) and click the Edit button.
In the newly opened screen, navigate to Security mode, enable it and set it to Captive portal.
Under Authentication portal paste the URL generated by Spotipo. Use that same URL in the Redirect after Captive Portal field.
Make sure to set the User group to the one we've created for this setup as well.
Under Exempt destinations/services create a new list for Spotipo servers. In that list, set FQDN to app.spotipo.com . Make sure to use that list for exempt destinations.
Configure Firewall policies
Spotipo needs to create a few firewall policies to give guests the optimal experience without compromising safety. We need to give users access to services such as DNS, without users having to log in first, etc.
Navigate to Policy & Objects->Firewall Policy . From there, press Create New button.
Set the parameters as following:
Name: Guest DNS allow (you can change it)
Incoming interface: lan
Outgoing interface: wan
Source: lan
Destination: all (you can make this more strict if you want to use specific DNS servers)
Schredule: always
Service: DNS
Action:Accept
Also move to rule toward the top of your list, so it doesn't get blocked by accident.
Now we need to create antoher rule. This one is for allowing traffic from guest network.
Name: Spotipo guest traffic allow (you can change it)
Incoming interface: lan
Outgoing interface: wan
Source: lan
Destination: all (you can make this more strict if you have pre configured firewall rules)
Schredule: always
Service: all (You can make this more strict by allowing services only up to your preference)
Action:Accept
NAT: Enabled
Log Allowed Traffic: All sessions
Also move to rule toward the top of your list, so it doesn't get blocked by accident.
Save the rule first, then open it again, and use the Edit in CLI button
Next up, we need to open the CLI terminal for this specific firewall rule. To do so, while your rule editor is open, click the Edit in CLI button.
In the CLI terminal, use these commands:
set groups "Spotipo Guest Users"
set dynamic-shaping enable
set comments "RADIUS accounting and bandwidth shaping for authenticated users"
next
end
Test things out
If you've done everything correctly, the portal should pop up when you're connecting to the configured interface next time.
If there are any issues with your configuration, feel free to contact support in the chat or by writing to [email protected].