Kiwire 3.0 Administrator - Device & Controller Setup Guide

FortiWiFi Device Configuration for Kiwire Hotspot

Prerequisites

None

 

Note:
 

  1. Tested on FortiWiFi 5.2 and above

  2. Kiwire-hostname or Kiwire-ip can be obtained by contacting our technical support, for our cloud customers. For enterprise clients, the IP will be the on-premises Kiwire IP address.

  3. Social network hostname list can be obtained from Social network whitelist guide

1. FortiWiFi Hostname change

Screenshot_13_FortiWF.png

a.     Go to System > Dashboard > status

Screenshot_1_FortiWF-1.png

b.     Change the hostname to the FortiWiFi MAC address without the colons

 

 

2. Add Radius services

Screenshot_2_FortiWF.png

a.     Go to User & Device > Authentication > Radius Server

b.     Name → Kiwire

c.     Primary server ip → Kiwire ip

d.     Primary server secret → the secret key assigned for communication between Kiwire and FortiWiFi

e.     Authentication method → specify

f.      Method → PAP

g.     NAS IP → WAN IP of the FortiWiFi

3. Configure Fortiwifi for accounting interim update

 

a.     Go to the CLI

b.     Type the following commands

#config user radius
#edit Kiwire
#config accounting-server
#edit 1
#set status enable
#set server Kiwire ip ( replace with actual Kiwire ip address )
#set secret XXXX ( replace XXXX with actual shared secret key )
#end
#set acct-interim-interval 1800
#end

c.     Verify by running #show user radius

fortigate_output1.png

d.     You can test FortiWiFi authentication against the Kiwire server with the command below, provided a user with username test and password test has been created on the Kiwire platform.
#diagnose test authserver radius Kiwire pap test test

e.     Command output

fortigate_output2.png

4. Create user for hotspot

Screenshot_3_FortiWF_v2.png

a.     Go to User & Device > User > User Definition

b.     Username → kiwire-guest

c.     Match user on radius server → select Kiwire

d.     Click OK to save

e.     Go to User & Device > User > User Group

f.      Create a new group

g.     Name → kiwire-guest

h.     Type → firewall

i.      Remote server → Kiwire

j.      Group name → Any

5. Wallgarden
 

a.     To create the wallgarden for social login, as per the network wallgarden guide, go to Policy & Object > Address and add

b.     You can create the required records based on the table below. Group them under one title to make them easier to understand and manage.

c.     Specific records for Google, Facebook and Twitter should be created only when you use social networks for authentication.

Wallgarden_FortiWF.png
Wallgarden2_FortiWF.png

d.  Add the Synchroweb Socialgate into the policy object

Screenshot_14_FortiWF.png

e.     Name → Socialgate.synchroweb

f.     Type → FQDN

g.     FQDN → socialgate.synchroweb.com

h.     Interface → any

i.     Show in address list → Yes

j.      Repeat above for socialgate.kiwire.net

6. Set Kiwire Portal as object

Screenshot_5_FortiWF.png

a.     Go to Policy & Objects > Objects > Address

b.     Add New

c.     Name → Kiwire server

d.     Subnet ip range → Kiwire ip

7. Create Security policy

a.     Go to Policy & Objects > Policy > IPv4

Screenshot_15_FortiWF.png

b.     Create a security policy for unauthenticated users that allows access only to the captive portal.

c.     Incoming interface → Select wifi ssid

d.     Source address → all

e.     Outgoing interface → WAN

f.     Destination Address → select kiwire server + social wallgarden + socialgate

g.     Service → all

h.     Action → Accept

8. Enable Bypass for captive portal
 

a.     Go to the CLI

Screenshot_7_FortiWF.png

9. Create Internet access Policy
 

a.     The first rule for allowing access to selected sources for unauthenticated users

Screenshot_8_FortiWF.png

b.     Go to Policy & Object > Policy > IPv4

c.     Create new

d.     Incoming interface → Wifi interface

e.     Source address → all

f.     Source user → kiwire-guest

g.      Outgoing interface → Wan

h.     Destination address → All

i.     Service → all

j.      Action → accept

10. Create DNS bypass

Screenshot_9_FortiWF.png

a.     Go to Policy & Object > Policy > IPv4

b.     Create new

c.     Incoming interface → Wifi interface

d.     Source address → all

e.     Outgoing interface → Wan

f.      Destination address → All

g.     Service → DNS

h.     Action → accept
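
A check for the policies created in steps 7, 9 and 10, added here as an example and not part of the Kiwire guide or of Fortinet tooling: it parses firewall policy text in the FortiOS "set key value" layout and lists accept policies from the guest SSID that reach destination all without a user group, other than the DNS-only bypass. The sample config and the interface name guest-wifi are constructed for illustration, and each policy is trimmed to the fields the check reads.

```python
import shlex

# Constructed sample in the layout of FortiOS firewall policy config.
# Policy 1 is the portal/wallgarden rule; policy 2 is the internet rule
# with the source user (group) left unset, the mistake this check catches.
SAMPLE = """
config firewall policy
    edit 1
        set srcintf "guest-wifi"
        set dstaddr "Kiwire server" "Socialgate.synchroweb"
        set action accept
        set service "ALL"
    next
    edit 2
        set srcintf "guest-wifi"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {key: [values]}} from edit/set lines."""
    policies, cur = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)          # keeps quoted names as one token
        if tok[:1] == ["edit"]:
            cur = policies.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and cur is not None:
            cur[tok[1]] = tok[2:]
    return policies

def open_guest_policies(text, ssid_if):
    """IDs of accept policies from ssid_if that reach 'all' destinations
    with no user group set, excluding a DNS-only service rule."""
    bad = []
    for pid, p in parse_policies(text).items():
        if ssid_if not in p.get("srcintf", []) or p.get("action") != ["accept"]:
            continue
        to_all = "all" in p.get("dstaddr", [])
        dns_only = p.get("service") == ["DNS"]
        if to_all and not p.get("groups") and not dns_only:
            bad.append(pid)
    return bad

if __name__ == "__main__":
    print(open_guest_policies(SAMPLE, "guest-wifi"))
```

Run it against the saved policy configuration of the device; any ID it returns is a rule that lets unauthenticated guests past the captive portal.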

11. Create Wifi network
 

12. Go to System > Network interface

Screenshot_10_FortiWF.png

a.     Create  a new wifi ssid

b.     Interface name → Select your interface name

c.     Type → wifi ssid

d.     Traffic mode → tunnel to wireless controller

e.     IP/netmask → Set your interface IP

f.      Administrative Access → Ping

g.     Dhcp server → enable

h.     Starting IP & End IP → your DHCP pool for guest

i.     Netmask → your network subnet mask

j.     Default gateway → Same as interface IP

k.    DNS server → same as system DNS

Screenshot_11_FortiWF.png

l.      SSID → your wireless SSID name

m.    Security mode→ Captive portal

n.     Portal type → authentication

o.     Authentication Portal → External, kiwireip/login/fortiap, without https or http

p.     User group → kiwire-guest

q.     Except list → kiwire server

r.      Go to FortiAP Profile

Screenshot_12_FortiWF.png

s.     Radio1 mode → Access point

t.     SSID → select the ssid created.

Kiwire Configuration for Fortigate
 

Adding NAS into Kiwire
 

  • Navigate to Devices > Devices > Add Device

  • Device Type → Controller

  • Vendor → FortiAP

  • Identity → The hostname of FortiAP

  • IP Address → FortiAP WAN IP

  • Address → optional

  • Username → FortiAP username

  • Password → FortiAP password

  • Shared Secret Key → Secret key phrase set at Radius

  • COA Port → 3799

  • Description → optional

  • Monitoring Method → optional

  • Community → optional

  • Snmp version → optional

  • Create→ to save
