FortiGate / FortiWiFi

Compatibility

Social WiFi has been tested and is proven to work on the following configurations:

FortiWiFi – wireless interfaces

  • FortiOS version 5.6.0 and above (tested up to 7.4.5)

FortiGate hardware or virtual machine – wired interfaces

  • recommended: FortiOS version 6.2.4 and above (tested up to 7.4.5)

  • FortiOS version 5.6.0 and above work if the captive portal is enabled on a physical interface; VLAN interfaces are not supported below FortiOS 6.2.4

Access the device’s configuration panel

This guide assumes you are using the web-based UI of the controller, which you can access by entering the IP address of the device in your browser. The screenshots are based on firmware v5.6.2.

Alternatively, if your device is managed from FortiCloud, you can access the management UI from there.

RADIUS configuration

Go to User & Device → RADIUS Servers → Create New and use the following settings:

  • Name: Social WiFi
  • Primary Server IP/Name: 35.205.62.147
  • Primary Server Secret: Radius Secret from the Access Points tab of the Social WiFi Panel
  • Secondary Server IP/Name: Leave empty
  • Secondary Server Secret: Leave empty
  • Authentication Method: Specify
  • Method: PAP
  • NAS IP: Leave empty

Press OK.

The login "pattern" for Test Connectivity is test_RADIUS, where RADIUS is the Radius Secret available in the Access Points tab of the Social WiFi Panel. For the password, use the same credential.

For example, if my Radius Secret is "myradiussecret", my login would be "test_myradiussecret".

Now you need to change the RADIUS port to 31812. Open the CLI Console (top right corner, between “help” and username).

Copy (ctrl+C) and paste (ctrl+V) or type the following commands:

config user radius
    edit "Social WiFi"
        set radius-port 31812
    next
end

Also, please add an Accounting server the same way (CLI Console):

config user radius
    edit "Social WiFi"
        config accounting-server
            edit 1
                set status enable
                set server 35.205.62.147
                set secret [RADIUS secret from the panel]
                set port 31813
            next
        end
    next
end

Setting the auth-timeout

In the CLI console, enter the following commands:

config user setting
    set auth-timeout-type idle-timeout
end
config user group
    edit "Social WiFi - Guest"
        set authtimeout 480
    next
end

The value in "set authtimeout 480" is in minutes, and you can adjust it freely. With this setting, users have to log in again after being inactive on the network for 8 hours.

Then close the CLI console by clicking the “x” button in the top right corner.

Remote Group configuration

Go to User & Device → User Groups → Create New

and use the following settings:

  • Name: Social WiFi - Guest
  • Type: Firewall
  • Members: Leave empty

Under Remote Groups, click Add and then select Social WiFi from the Remote Server dropdown list. Click OK to save and then click OK again.

Walled Garden configuration

Now we need to add all the services that will be available without logging in. This list includes the Social WiFi login page and third-party social login services (like Facebook, Google). The following guide assumes firmware version 5.6.2, which doesn’t support wildcard domains (e.g. “*.facebook.com”). Wildcard support was added in firmware 6.2.2, so if you have that version or higher, you may adjust the following steps accordingly.

The suggested way to add all required entries is to use the CLI again and copy (ctrl+C) and paste (ctrl+V) the following scripts. Please note that the script is split into two parts, because there’s a length limit that cannot be exceeded.

Note: A regional Google domain matching your geographic location has to be added to make Google login work. Please edit the “Social WiFi – Google 1 – regional” value below accordingly, e.g. if you’re based in the UK, add “accounts.google.co.uk”.

Part 1:

# Social WiFi main service
config firewall address
    edit "Social WiFi - main 1"
        set type fqdn
        set fqdn "login.socialwifi.com"
    next
    edit "Social WiFi - main 2"
        set type fqdn
        set fqdn "sw-login.com"
    next
end
config firewall addrgrp
    edit "Social WiFI - main"
        set member "Social WiFi - main 1" "Social WiFi - main 2"
    next
end

# Facebook remarketing pixel
config firewall address
    edit "Social WiFi - Facebook pixel 1"
        set type fqdn
        set fqdn "connect.facebook.net"
    next
    edit "Social WiFi - Facebook pixel 2"
        set type fqdn
        set fqdn "www.facebook.com"
    next
end
config firewall addrgrp
    edit "Social WiFI - Facebook pixel"
        set member "Social WiFi - Facebook pixel 1" "Social WiFi - Facebook pixel 2"
    next
end

# Google remarketing tag
config firewall address
    edit "Social WiFi - Google tag 1"
        set type fqdn
        set fqdn "www.googletagmanager.com"
    next
    edit "Social WiFi - Google tag 2"
        set type fqdn
        set fqdn "www.googleadservices.com"
    next
    edit "Social WiFi - Google tag 3"
        set type fqdn
        set fqdn "googleads.g.doubleclick.net"
    next
end
config firewall addrgrp
    edit "Social WiFI - Google tag"
        set member "Social WiFi - Google tag 1" "Social WiFi - Google tag 2" "Social WiFi - Google tag 3"
    next
end

# Facebook login
config firewall address
    edit "Social WiFi - Facebook 1"
        set type fqdn
        set fqdn "www.facebook.com"
    next
    edit "Social WiFi - Facebook 2"
        set type fqdn
        set fqdn "facebook.com"
    next
    edit "Social WiFi - Facebook 3"
        set type fqdn
        set fqdn "static.xx.fbcdn.net"
    next
    edit "Social WiFi - Facebook 4"
        set type fqdn
        set fqdn "external-frt3-2.xx.fbcdn.net"
    next
end
config firewall addrgrp
    edit "Social WiFi - Facebook"
        set member "Social WiFi - Facebook 1" "Social WiFi - Facebook 2" "Social WiFi - Facebook 3" "Social WiFi - Facebook 4"
    next
end

Part 2:

# Twitter login
config firewall address
    edit "Social WiFi - Twitter 1"
        set type fqdn
        set fqdn "twitter.com"
    next
    edit "Social WiFi - Twitter 2"
        set type fqdn
        set fqdn "api.twitter.com"
    next
    edit "Social WiFi - Twitter 3"
        set type fqdn
        set fqdn "x.com"
    next
    edit "Social WiFi - Twitter 4"
        set type fqdn
        set fqdn "api.x.com"
    next
    edit "Social WiFi - Twitter 5"
        set type fqdn
        set fqdn "pbs.twimg.com"
    next
    edit "Social WiFi - Twitter 6"
        set type fqdn
        set fqdn "abs-0.twimg.com"
    next
    edit "Social WiFi - Twitter 7"
        set type fqdn
        set fqdn "abs.twimg.com"
    next
end
config firewall addrgrp
    edit "Social WiFi - Twitter"
        set member "Social WiFi - Twitter 1" "Social WiFi - Twitter 2" "Social WiFi - Twitter 3" "Social WiFi - Twitter 4" "Social WiFi - Twitter 5" "Social WiFi - Twitter 6" "Social WiFi - Twitter 7"
    next
end

# LinkedIn login
config firewall address
    edit "Social WiFi - LinkedIn 1"
        set type fqdn
        set fqdn "www.linkedin.com"
    next
    edit "Social WiFi - LinkedIn 2"
        set type fqdn
        set fqdn "static-exp1.licdn.com"
    next
    edit "Social WiFi - LinkedIn 3"
        set type fqdn
        set fqdn "media-exp1.licdn.com"
    next
    edit "Social WiFi - LinkedIn 4"
        set type fqdn
        set fqdn "static.licdn.com"
    next
end
config firewall addrgrp
    edit "Social WiFi - LinkedIn"
        set member "Social WiFi - LinkedIn 1" "Social WiFi - LinkedIn 2" "Social WiFi - LinkedIn 3" "Social WiFi - LinkedIn 4"
    next
end

# Group everything in one group (every member listed must already exist, including "Social WiFi - Google")
config firewall addrgrp
    edit "Social WiFi"
        set member "Social WiFI - main" "Social WiFI - Facebook pixel" "Social WiFI - Google tag" "Social WiFi - Google" "Social WiFi - Facebook" "Social WiFi - Twitter" "Social WiFi - LinkedIn"
    next
end
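
The scripts above link address objects and groups purely by name, and FortiOS rejects a group whose member does not exist yet, so a missing or misspelled name stops the paste part-way. A pre-paste check for that, as an added example that is not part of the original guide or of Fortinet's tooling; the `lint` function and the `SAMPLE` input are constructed for illustration, and names are compared exactly as written:

```python
import shlex
# Constructed input in the same shape as the scripts above (not a device export).
SAMPLE = '''
config firewall address
    edit "Social WiFi - Twitter 1"
        set type fqdn
        set fqdn "twitter.com"
    next
    edit "Social WiFi - Twitter 6"
        set type fqdn
        set fqdn "abs-0.twimg.com"
    next
end
config firewall addrgrp
    edit "Social WiFi - Twitter"
        set member "Social WiFi - Twitter 1"
    next
    edit "Social WiFi"
        set member "Social WiFi - Google" "Social WiFi - Twitter"
    next
end
'''

def lint(script):
    """Walk the script in paste order and report broken or unused references."""
    fqdns, groups, undefined = {}, {}, []
    table = name = None
    for raw in script.splitlines():
        words = shlex.split(raw, comments=True) or [""]  # quotes, "#" comments
        if words[0] == "config":
            table, name = " ".join(words[1:]), None
        elif words[0] == "edit" and len(words) == 2:
            name = words[1]
            if table == "firewall addrgrp":
                groups.setdefault(name, [])
        elif words[0] == "set" and name is not None and len(words) >= 3:
            if table == "firewall address" and words[1] == "fqdn":
                fqdns[name] = words[2]
            elif table == "firewall addrgrp" and words[1] == "member":
                groups[name] = words[2:]
                # A member has to be defined earlier in the script than its group.
                undefined += [(name, m) for m in words[2:]
                              if m not in fqdns and m not in groups]
        elif words[0] == "next":
            name = None
        elif words[0] == "end":
            table = name = None
    used = {m for ms in groups.values() for m in ms}
    by_fqdn = {}
    for addr, fqdn in fqdns.items():
        by_fqdn.setdefault(fqdn, []).append(addr)
    return {
        "undefined": undefined,
        "unused": sorted(a for a in fqdns if a not in used),
        "duplicates": {f: a for f, a in by_fqdn.items() if len(a) > 1},
    }

if __name__ == "__main__":
    print(lint(SAMPLE))
```

An address that is defined but listed in no group never reaches the captive portal exemption, so `unused` entries are worth reviewing as well as `undefined` ones.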

WiFi configuration (wireless interface)

Go to WiFi & Switch Controller → SSID and set the "Broadcast SSID" toggle off.

Press OK and Create New SSID.

If you already have an existing WiFi network, edit it accordingly instead (you can skip to the “WiFi Settings” part).

Interface configuration:

  • Interface Name: Social WiFi
  • Alias: sw interface
  • Type: WiFi SSID
  • Traffic Mode: Tunnel
  • IP/Network Mask: 10.8.0.1/255.255.0.0
  • DHCP Server: Enabled
  • Address Range: Should be prefilled, if not, use 10.8.0.2 – 10.8.255.254
  • Netmask: Should be prefilled, if not, use 255.255.0.0

WiFi Settings:

  • SSID: Social WiFi (or any name that you prefer)
  • Security Mode: Captive Portal
  • Portal Type: Authentication
  • Authentication Portal: External: http://login.socialwifi.com/
  • User Groups: Social WiFi - Guest
  • Exempt Sources: Leave empty
  • Exempt Destinations/Services: Social WiFi (in ADDRESS GROUP tab, scroll down if it's hidden)
  • Redirect after Captive Portal: Original request

Press OK.

Interface configuration (wired interface)

You can also run Social WiFi on a wired, physical interface and plug access points there. In this scenario those access points don’t have to be managed by the FortiGate unit.

Go to Network → Interfaces and double-click on the interface that you want to install Social WiFi on and configure as follows:

  • Interface Name: *any lan interface you want Social WiFi on
  • Alias: socialwifi-lan*
  • Role: LAN
  • Addressing mode: Manual
  • IP/Network Mask: 10.8.0.1/255.255.0.0
  • IPv4: Leave unchecked
  • DHCP Server: Enabled
  • Address range: Should be autofilled, if not - copy from the image below
  • Security Mode: Captive Portal
  • Authentication Portal: External: http://login.socialwifi.com/
  • User Access: Restricted to Groups
  • User Groups: Social WiFi - Guest
  • Customize Portal Messages: Unchecked
  • Exempt Sources: Leave empty
  • Exempt Destinations/Services: Social WiFi

Press OK.

Firewall configuration

You need to allow traffic from guests using the WiFi, because the default policy is to deny all traffic.

Go to Policy & Objects → IPv4 Policy → Create New and use the following settings:

  • Name: Social WiFi Allow Guests
  • Incoming Interface: Social WiFi (the interface created or edited in the previous point)
  • Outgoing Interface: wan1 (your WAN interface)
  • Source: all
  • Destination: all
  • Service: ALL
  • Action: ACCEPT

Press OK.

Add the device to Social WiFi Panel

The setup of the controller is now finished. The last step is to add the MAC address(es) to the Social WiFi platform. Usually the MAC address is printed on a label on the device itself. It should also be visible in the GUI on the edit interface screen. If you don’t know the MAC address, please contact Social WiFi Support.

Now, switch to Social WiFi Panel, go to Access Points tab, click the Add button and paste the MAC address(es). Click Create.

Test the solution

Connect to the WiFi network. You should see a login page. Go through the login process and, once finished, you should have internet access. You should see the first connections and authorisations in the Social WiFi Panel’s statistics section.

Troubleshooting

If you have any external firewall behind the FortiGate device, please make sure that you enable these ports:

  • TCP/8080 (Captive Portal (http redirection))

  • TCP/8081 (Captive Portal (https redirection))

  • UDP/9177, 337008 (AP Communication (Capture Packets subsystem))

Last updated 2 months ago

Radius Secret is available in the Access Points tab of the Social WiFi Panel.