FortiGate wireless LAN controller - Passpoint Configuration
Prerequisites
- Access to the FortiGate CLI as a user with administrative privileges.
- Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets):
- Access to the IronWiFi Management Console - Sign in or Open Account
Log in to the FortiGate CLI
Configure Venue Name
- config wireless-controller hotspot20 anqp-venue-name
- edit "IW_Venue"
- config value-list
- edit 1
- set lang "EN"
- set value "IW Venue"
- next
- end
- next
- end
Configure RCOI
- config wireless-controller hotspot20 anqp-roaming-consortium
- edit "IW_RCOI"
- config oi-list
- edit 1
- set oi "AA146B0000"
- set comment "IronWiFi"
- next
- end
- next
- end
Configure NAI Realm and authentication
- config wireless-controller hotspot20 anqp-nai-realm
- edit "IW_NAI_Realm"
- config nai-list
- edit "IW_NAI_List"
- set nai-realm "ironwifi.net"
- config eap-method
- edit 1
- set method eap-ttls
- config auth-param
- edit 1
- set id non-eap-inner-auth
- set val non-eap-pap
- next
- end
- next
- end
- next
- end
- next
- end
Configure Address Type
- config wireless-controller hotspot20 anqp-ip-address-type
- edit "IPv4"
- set ipv4-address-type single-NATed-private
- next
- end
Configure HotSpot Profile that will connect together all the configurations above.
- config wireless-controller hotspot20 hs-profile
- edit "IW_HS_Profile"
- set release 3
- set access-network-internet enable
- set domain-name "ironwifi.net"
- set venue-name "IW_Venue"
- set roaming-consortium "IW_RCOI"
- set nai-realm "IW_NAI_Realm"
- set ip-addr-type "IPv4"
- next
- end
This guide assumes that you have already configured IronWiFi Radius Server. If you have not done it yet, please follow this GUIDE
Finally, configure your WLAN (you can of course modify type from Bridge to Tunnel to match your environment, and change VLAN to your own, those two options are an example
- config wireless-controller vap
- edit "Passpoint"
- set ssid "PasspointForti"
- set security wpa2-only-enterprise
- set auth radius
- set radius-server "IW-ew2-radsec"
- set local-bridging enable
- set schedule "always"
- set vlanid 50
- set hotspot20-profile "IW_HS_Profile"
- next
- end
If you have installed the Passpoint Profile using the OSU URL in Captive Portal settings, your device should automatically authenticate to the SSID you have just created.
Related Articles
Aruba wireless LAN controller - Passpoint configuration
Prerequisites This user guide applies to Aruba Mobility Controllers with AOS 8.x or later. AOS 6.4.x is the minimum version to support Passpoint capabilities. Access to the Aruba wireless LAN controller as a user with administrative privileges. ...RUCKUS wireless LAN controller - Passpoint Configuration
Prerequisites Access to the Ruckus SmartZone Dashboard as a user with administrative privileges. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets): Email or document that contains this information OR ...Fortigate / FortiAP
This page explains the Captive Portal configuration for Fortigate hardware and authentication via IronWiFi. IronWiFi Console Configuration Log into the IronWiFi console or register for free Create a new network After that, create a new captive ...TP-Link OMADA Passpoint
This guide requires Passpoint enabled firmware on both the controller and Access Point. The lastest stable firmware for the controller is 1.30.7 Build 20250704 Rel.78617 (Stable), and you need to have the lastes dev / testing firmware installed on ...Aerohive (Extreme) wireless controller - Passpoint configuration
Prerequisites Access to the ExtremeCloud Dashboard as a user with administrative privileges. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets): Email or document that contains this information OR Access ...