Hey folks! I'm working on setting up Wi-Fi for our employees who'll be using their own devices (BYOD) and I'm looking for some best practice advice. My plan is to create an open SSID (unencrypted) with a captive portal managed through a FortiGate firewall. The portal would connect to our Active Directory via LDAP to allow only selected users to log in using their AD credentials. This network will be isolated on a separate VLAN with very limited internet access and bandwidth controls.
One big concern I have is that since the SSID is open, users will see warnings that the network isn't secure. Given that this setup is akin to a public network for employees (separate from our internal network), is that a significant issue? Would love to hear your thoughts on this!
2 Answers
You should know that FortiGate’s captive portal might not come with SSL out of the box. You’ll need to do some work to enable secure connections, which is essential for user trust.
Thanks for the heads up! I’ll definitely check the documentation for that.
Honestly, just put a PSK on the network. People are used to entering passwords for Wi-Fi these days. Also, enable host isolation to prevent devices from communicating with each other. Plus, consider monitoring this network closely to detect any unusual activity.
A good idea! Keeping track of network behavior could save a lot of headaches later.
Absolutely, monitoring could help catch any potential issues early on!
Yep, that might complicate things if you don't address it early on.