top of page

Kiwire 3.0 Administrator      >        Setting up the Wi-Fi Hardware & Configuration       >       FortiWifi 

Kiwire 3.0 Administrator - Device & Controller Setup Guide

FortiWiFi Device Configuration for Kiwire Hotspot





  1. Tested on Fortiwifi 5.2 and above

  2. Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.

  3. Social network hostname list can be obtained from Social network whitelist guide

Fortiwifi Hostname change


a.     Go to System > Dashboard > status


b.     Change the Hostname to FortiWifi Mac address without the colon



2. Add Radius services


a.     Go to User & Device > Authentication > Radius Server

b.     Name → Kiwire

c.     Primary server ip → Kiwire ip

d.     Primary server secret → a secret key assign for communication between Kiwire and fortiwifi

e.     Authentication method → specify

f.      Method → PAP

g.     NAS IP → Wan ip of fortiwifi Wan

3. Configure Fortiwifi for accounting interim update


a). Go to command CLI

b). Type the following command

#config user radius edit Kiwire
#config accounting-server edit 1
#set status enable
#set server Kiwire ip ( replace with actual Kiwire ip address )
#set secret XXXX ( replace xxxx with actual shared secret key )
#set acct-interim-interval 1800

c). Verify by running #show user radius


d. You can test fortiwifi authentication with Kiwire server bellow command, if username test and password test have been created at Kiwire platform.
#diagnose test authserver radius kiwire pap test test.

e.  Output command


4. Create user for hotspot


a.     Go to user & Device > user  > user definition

b.     Username → kiwire-guest

c.     Match user on radius server → select kiwire

d.     Click ok to save

e.     Go to user & device > user > user group

f.      Create a new group

g.     Name → kiwire-guest

h.     Type → firewall

i.      Remote server → Kiwire

j.      Group name → Any

5. Wallgarden

a.     To create wallgarden for social login , as per network wallgarden guide , please go to Policy & Object > Address and add
b.     You can create required records based on the table below. Merge them under one title to make it more clean to understand and allow better management.

c.     Specific records for Google, Facebook and Twitter should be created only when you use social networks for authentication.


d.  Add the Synchroweb Socialgate into the policy object


e.     Name → Socialgate.synchroweb

f.     Type → FQDN

g.     FQDN→

h.     Interface any

i.     Show in address list → Yes

j.      Repeat above for

6. Set Kiwire Portal as object


a.     Go to Policy & Objects > Objects > Address

b.     Add New

c.     Name → Kiwire server

d.     Subnet ip range → Kiwire ip

7.     Create Security  policy

a. Go to Policy & Objects > Policy > IPv4


a.     Create a security policy for unauthenticated users that allows access only to the captive portal.

b.     Incoming interface → Select wifi ssid

c.     Source address → all

d.     Outgoing interface → WAN

e.     Destination Address → select kiwire server + social wallgarden + socialgate

f.      Service → all

g.     Action → Accept

8. Enable Bypass for captive portal

a.     Go to command CLI


9. Create Internet access Policy

a). The first rule for allowing the access to selected sources for not-authenticated users


b.     Go to Policy & Object > policy > ipv4

c.     Create new

d.     Incoming interface → Wifi interface

e.     Source address → all

f.     Source user → kiwire-guest

g.      Outgoing interface → Wan

h.     Destination address → All

i.     Service → all

j.      Action → accept

10. Create DNS bypass


a.     Go to Policy & Object > policy > ipv4

b.     Create new

c.     Incoming interface → Wifi interface

d.     Source address → all

e.     Outgoing interface → Wan

f.      Destination address → All

g.     Service → DNS

h.     Action → accept

11. Create Wifi network

12. Go to System > Network interface


a.     Create  a new wifi ssid

b.     Interface name → Select your interface name

c.     Type → wifi ssid

d.     Traffic mode → tunnel to wireless controller

e.     Ip/netmask → Set your interfaced ip

f.      Administrative Access → Ping

g.     Dhcp server → enable

h.     Starting IP & End IP → your DHCP pool for guest

i.     Netmask → your network subnet mask

j.     Default gateway → Same as interface IP

k.    DNS server → same as system DNS


l.      SSID → your wireless SSID name

m.    Security mode→ Captive portal

n.     Portal type → authentication

o.     Authentication Portal → External , kiwireip/login/fortiap , without https or http

p.     User group → kiwire-guest

q.     Except list → kiwire server

r.      Go to FortiAP Profile


s.     Radio1 mode → Access point

t.     SSID → select the ssid created.

Kiwire Configuration for Fortigate

Adding NAS into Kiwire

  • Navigate to Devices > Devices > Add Device

  • Device Type → Controller

  • Vendor → FortiAP

  • Identity → The hostname of fortiAP

  • Ip Address → FortiAP wan ip

  • Address → optional

  • Username → FortiAP username

  • Password → FortiAPpassword

  • Shared Secret Key → Secret key phrase set at Radius

  • COA Port → 3799

  • Description → optional

  • Monitoring Method → optional

  • Community → optional

  • Snmp version → optional

  • Create→ to save

bottom of page