cancel
Showing results for 
Search instead for 
Did you mean: 

Hotspot without authentication ?

philip_francis1
Contributor
Hello, I have a third party Onboarding server - FortiConnect.
This server presents a login web GUI, where after authentication the user is directed to another  page where they can download an onboarding app.
What I want Zonedirector to do is as follows:

- user connects to Zonedirector SSID. 
- FIRST REDIRECT: Zonedirector redirects user to Forticonnect (have done this successfully with a Hotspot service)
- user authenticates on the ForitiConnect website
- SECOND REDIRECT: user is redirected by FortiConnect to another FortiConnect Onboarding download website (this is where it fails for me. I think Zonedirector is expecting authentication details and will not allow another redirect until it receives them ?)

So, how can create a Zonedirector Hotspot service which redirects to FortiConnect and then allows further redirects. I do not want Zonedirector to authenticate at all. 
The only reason I want the Hotspot feature is to allow auto redirect to FortiConnect. Forticonnect will then handle authentication and redirects etc. completely separate from ZoneDirector.
7 REPLIES 7

1said_sanoussi
New Contributor III
Any URL you want the users to be able to access before beining fully auithenticated need to be added to a walled garden. So try putting the url's you want to redirect to in the walled garden and test this. The walled garden is provisioned on the ZD

philip_francis1
Contributor
Thank you. I have added walled garden entries but access to the second URL still fails.
My walled garden entries now include:
1. mwaklconnect1.domain.forest
2.  10.21.250.153/32 (which is the IP of mwaklconnect1.domain.forest) 

So, the initial redirect which works points to:
1. 
https://mwaklconnect1.domain.forest/portal/MW_Onboarding_portal/10.99.0.10

Then I also need a client to be able to access:
2. https://mwaklconnect1.domain.forest/portal/MW_Onboarding_portal/preview/success

Zonedirector seems to be preventing this second URL from loading and instead just directs users back to the original URL in step 1.
Can anyone suggest how to allow the second URL to load ?


robert_lowe_722
Contributor III
The only way I can think with hotspot is to set a redirect on the hotspot for post successful login. But the only way this will work is if the forticlient server can send a RADIUS accept to the ZD because this is what the ZD is expecting in a hotspot authentication.

philip_francis1
Contributor
Thank you, but what about walled garden? I thought the whole purpose of walled garden was to allow access to multiple whitelisted URLs without the need for Zonedirector to receive any RADIUS accept messages ?