top of page

Kiwire 3.0 Administrator      >        Setting up the Wi-Fi Hardware & Configuration       >       Fortigate FortiOS   

Kiwire 3.0 Administrator - Device & Controller Setup Guide

Fortigate FortiOS configuration for Kiwire hotspot

Steps to Integrate Kiwire with FortiGate

1. Create RADIUS Server


User & Devices→Radius Servers


A). Edit Radius Server

  • Name = Radius name (e.g., Kiwire)

  • Authentication Method = Specify→choose PAP

  • NAS IP = FortiGate WAN IP
     

B). Primary Server

​​

  • IP/Name = Kiwire IP/Hostname

  • Secret = Secret key (make sure this secret key is same in Kiwire)

​

2). Click OK

forti rad servers.png

1

2

3

4

5

6

3. Set Accounting Interim Updates

 

Click CLI Console

forti rad servers.png

4. CLI Console should be open like in the diagram below

forti console.png

5. Enter command below to set accounting interim update

forti command.png

6. Output should like this when done set accounting interim update

forti comm result.png

6. Add User Group


User & Device → User Groups → Create New

​

A). Edit User Group

  • Name = User group name

  • Type = Firewall

  • Members = Add User Definition

​

B). Remote Groups

​

  • Click Add → Add Radius server that have created

​

C). Click OK

​

7. Add User Definiton


User & Device → User Definition → Create New → Remote Radius User → Click Next

8. On Radius Server tab

​

  • Username = fill in name

  • RADIUS Server = choose Radius server

  • Skip to Extra Info tab

9. On Extra Info tab

​

  • User Account Status = Enabled

  • User Group = choose User Group that have created

  • Click Submit

10. The output should look like in the diagram below

11. Create Hotspot Interface


Go to Network→Interfaces→Create New→Interface

​

A. Edit Interface

  • Interface name = Set name to the interface

  • Type = VLAN or physical interface

  • Interface = If type is VLAN, choose physical interface

  • VLAN ID = Set VLAN ID if type is VLAN

 

B. Address

  • Addressing Mode = Manual

  • IP/Network Mask = Hotspot subnet
     

C. Administrative Access

  • Tick RADIUS Accounting

  • Tick PING

D. DHCP Server → Enable

  • Address Range = IP range that will used as DHCP

  • Netmask = Netmask for the IP

  • Default Gateway = Same as Interface IP

  • DNS Server = Same as System DNS

 

E. Network

  • Security Mode = choose Captive Portal

  • Authentication Portal = External (IP-Kiwire/login/fortiap)

  • User Access = Restricted to Groups

  • User Groups = choose User Group that have created

  • Click OK

12. Wall Garden Kiwire


Go to Policy & Objects → Addresses → Create New → Addresses

​

  • Name = Set name for the address

  • Type = Subnet (if Kiwire using IP) /FQDN (if Kiwire using hostname)

  • IP/Netmask (if choose type Subnet) = Kiwire IP

  • FQDN (if choose type FQDN) = Kiwire hostname

  • Click OK

  • Name = Set name for the address

  • Type = IP Range

  • IP Range = IP Range for hotspot

  • Click OK

13. Create Policy for Unauthenticated User

 

Go to Policy & Objects→IPV4 Policy→Create New

​

  • Name = Set Name for the policy

  • Incoming Interface = VLAN or interface create for hotspot

  • Outgoing Interface = wan1

  • Source = all

  • Destination = choose Kiwire wallgarden

  • Schedule = always

  • Service = ALL

  • Action = ACCEPT

  • Click OK

14. Open CLI Console to enable bypass of the Captive Portal

15. Create Internet Access Security Policy


On the same page IPV4 Policy → Create New

​

A. Edit Policy

​

  • Name = Set name for the policy

  • Incoming = VLAN or physical interface hotspot

  • Outgoing Interface = WAN1

  • Source = all

  • Destination = all

  • Schedule = always

  • Service = ALL

  • Action = ACCEPT

​

B. Firewall/Network Options

  • NAT = Enable

  • IP Pool Configuration = Use Outgoing Interface Address

 

C. Click OK

16. Create DNS Policy

On same page → Create New

 

  1. Edit Policy

    • Name = set policy name

    • Incoming Interface = VLAN or physical interface hotspot

    • Outgoing Interface = wan1

    • Source = all

    • Destination = all

    • Schedule = always

    • Service = DNS

    • Action = Accept

  2. Firewall/Network Options

    • NAT = Enable

    • IP Pool Configuration = Use Outgoing Interface Address

  3. Click OK

D. Policy list should look like in the diagram below

17. Redirection after login

 

Click CLI Console

Kiwire Configuration

1. Access to Kiwire→Devices→Devices→Add Device

2. Fill in the details as below:
 

  • Device Type = Controller

  • Vendor = FortiAP

  • Identity = FortiGate Hostname

  • IP Address = FortiGate IP

  • Username = FortiGate username

  • Password = FortiGate password

  • Shared Secret Key = Secret key that create in Radius server part. Must be same

  • COA Port = 3799

  • Click Create

bottom of page