Captive Portal
      Back to home
      1. Help Center
      2. Access Point Instructions
      3. Captive Portal

      WatchGuard Wi-Fi Cloud AP

      Access Point Instructions for WatchGuard Wi-Fi Cloud AP

      This page explains the configuration of WatchGuard Wi-Fi Cloud AP wireless access points for external Captive Portal and RADIUS server authentication.

      IronWiFi Console Configuration

      1. Log into the IronWiFi console or register for free
      2. Create a new network
      3. After that, create a new captive portal, with vendor WatchGuard Wi-Fi Cloud AP

      Access Point Configuration

      Open a web browser and log in to your WatchGuard Cloud Management dashboard

      Click Configuration at the top, then click the RADIUS Profiles icon and click the Add RADIUS Profile link. Configure with:

      • Profile Name: guest1
      • IP Address: get this value from the IronWiFi console
      • Authentication Port: get this value from the IronWiFi console
      • Accounting Port: get this value from the IronWiFi console
      • Shared secret: get this value from the IronWiFi console

      Click Save and then add a second RADIUS profile. Configure with:

      • Profile Name: guest2
      • IP Address: get this value from the IronWiFi console
      • Authentication Port: get this value from the IronWiFi console
      • Accounting Port: get this value from the IronWiFi console
      • Shared secret: get this value from the IronWiFi console

      Click Save.

      Next, click Configuration at the top, then click the Device Configuration icon and click SSID Profiles. Click the Add New Wi-Fi Profile link and configure with:

      • Profile Name: Guest Wi-Fi
      • SSID: Guest Wi-Fi (or whatever you want to broadcast for your SSID)
      • Broadcast SSID: Enabled

      Under The Security section:

      • Security Mode: Open
      • Client Isolation: Enabled

      Under the Network section:

      • NAT : Enabled
      • Start IP Address: 10.1.0.2
      • End IP Address: 10.1.0.254
      • Local IP Address: 10.1.0.1
      • Subnet Mask: 255.255.255.0
      • DNS Servers: add: 8.8.8.8 and 8.8.4.4
      • Lease time: 1440

      Under the Captive Portal section:

      • Enable Captive Portal: Enabled
      • External Splash Page with RADIUS Authentication: Enabled
      • Splash Page URL: get this value from the IronWiFi console
      • Shared Secret: get this value from the IronWiFi console
      • Walled Garden: Add the below domains one by one

      107.178.250.42

      If you need to load resources from external servers (SAML, social login), you will need to add other entries as well, instructions to configure the walled garden list in this case are available here.

      • Redirect URL: get this value from the IronWiFi console
      • Enable HTTPS Redirection: Disabled

      Under the Radius Settings link:

      • Called Station Id: %m
      • Primary Authentication Server: guest1
      • Secondary Authentication Server: guest2
      • Interval: 2 mins
      • Primary Accounting Server: guest1
      • Secondary Accounting Server: guest2

      Click Save and then Click Save again. Finally, go back to Device Configuration and click Device Templates. Edit your current template, and under the Radio Settings section add the new SSID profile you created above to all radios.

      ! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !