AIWIFI SSID AND CAPTIVE PORTAL CREATION MANUAL (FORTINET)

Step 1: RADIUS Server and Group Configuration

First, we prepare the communication with the AIWIFI system.

1. Go to User & Device > RADIUS Servers

1. Click on Create New.

   • Name: RADIUS_AIWIFI

   • Primary Server IP/FQDN: (The IP provided by AIWIFI).

   • Primary Service Secret: (The AIWIFI shared secret).

   • Authentication Method: Select PAP.

2. Click OK.

1. Go to User & Device > User Groups.

2. Click on Create New.

   • Name: GRUPO_AIWIFI_USUARIOS

   • Type: Firewall

   • Remote Groups: Click Add, select the RADIUS_AIWIFI server, and click OK.

---

Step 2: Walled Garden Creation

1. Go to Policy & Objects > Addresses.

2. Click Create New > Address for each of the following domains:

   • Category: Address.

   • Type: FQDN.

   • FQDNs:

     • captive.aiwifi.io

     • storage1-prod-media.s3.us-east-2.amazonaws.com

     • api.aiwifi.io

     • connect.facebook.net

     • facebook.com

     • sentry.io

     • cloudfront.com

     • lr-ingest.io

     • doubleclick.net

     • fbsbx.com

1. Go to Policy & Objects > Address Groups.

2. Click Create New.

   • Name: WALLED_GARDEN_AIWIFI

   • Members: Add all the FQDNs created above.

3. Click OK.

---

Step 3: SSID (WiFi) Creation

We configure the wireless signal and link the previous steps.

1. Go to WiFi & Switch Controller > SSIDs.

2. Click Create New > SSID.

   • Interface Name: wifi_portal

   • IP/Network Mask: 10.50.0.1/255.255.255.0

   • DHCP Server: Enabled (Range 10.50.0.2 - 10.50.0.254).

   • DNS Server: Select Specify and enter 8.8.8.8 and 8.8.4.4.

3. Under the Security Mode section:

   • Select Captive Portal.

   • Authentication Portal: Select External.

   • URL: http://captive.aiwifi.io

   • User Groups: Select GRUPO_AIWIFI_USUARIOS (from Step 1).

   • Exempt Destinations: Select WALLED_GARDEN_AIWIFI (from Step 2).

---

Step 4: Access Point (FortiAP) Authorization

1. Go to WiFi & Switch Controller > Managed FortiAPs.

2. Find your Access Point in the list (it will appear with a waiting icon or in grey).

3. Right-click on the AP and select Authorize.

4. Wait for the status to change to Online (Green).

---

Step 5: Firewall Policy Rule

1. Go to Policy & Objects > IPv4 Policy.

2. Click Create New.

   • Name: Acceso_Internet_AiwiFi

   • Incoming Interface: Select your SSID (wifi_portal).

   • Outgoing Interface: Your internet exit port (WAN).

   • Source: Click the + and add the all object.

   • Click again and add the GRUPO_AIWIFI_USUARIOS group.

   • Destination: all

   • Service: ALL

   • Action: ACCEPT

   • NAT: ENABLED (Ensure the toggle is green).

3. Click OK.

---

Step 6: In case of SSL Certificate Errors

1. Go to User & Device > Authentication Settings.

2. Disable HTTPS.