Guest User Management

NGFW allows the creation of guest user lists. This capability can be useful for hotels, public Wi-Fi hotspots, and Internet access points where users need to be identified and given access for a limited time.

Guest users can be created in advance by the system administrator or users can be allowed to self-register in the system with SMS or email verification.

To create a guest user list as an administrator, follow these steps:

Name

Description

Step 1. (Optional) Create a guest user administrator.

  • In the Administrators section, click Add and create an administrator profile with read and write permissions set for Guest portal in the Web console permissions tab. This profile grants access to the guest user management console.

  • Create an administrator account and assign the created role to it.

For more details on creating NGFW administrators, see the relevant section of this Guide.

Step 2. Create a group to which guest users will be added as members. This group is needed to facilitate access policy management for guest users.

In the NGFW console, go to the Groups section, click Add, and create a group with the Group for guest users checkbox set. For more details on creating user groups, see the relevant section of this Guide.

Step 3. Connect to the Guest portal management console.

In the browser, go to URL https://IP_NGFW:8001/ta. Use the login and password for the device administrator or guest user administrator created at Step 1.

Step 4. Create a user list.

In the console, click Add and fill in these fields:

  • Number of users to create

  • Comment

  • Expiration date and time: the date and time when the guest account will be disabled

  • Password length: the password length for the user being created

  • Password complexity: the password complexity level for the user being created, The available options are:

  • Numeric

  • Alphanumeric

  • Alphanumeric+special

  • Guest user TTL: the length of time from the guest user's first login after which their user account will be disabled

  • Group: the group created at Step 2 to which the created guest users will be added.

The list of users thus created can be viewed in the Users list section of the guest user management console.

To enable user self-registration in the system, follow these steps:

Name

Description

Step 1. Create an SMPP notification profile (for SMS verification) or SMTP notification profile (for email verification).

In the Libraries ➜ Notification profiles section, click Add and create an SMPP or SMTP notification profile. For more details on creating notification profiles, see the Notification Profiles section.

Step 2. Create a group to which guest users will be added as members. This group is needed to facilitate access policy management for guest users.

In the NGFW console, go to the Groups section, click Add, and create a group with the Group for guest users checkbox set. For more details on creating user groups, see the relevant section of this Guide.

Step 3. Create a captive profile configured to use the notification profile for sending information about the created account.

In the Users and devices ➜ Captive profiles subsection, create a profile and configure it to use the notification profile created earlier. As the auth page template, specify Captive portal: email auth or Captive portal: SMS auth, depending on the chosen notification method. Configure the notification message, guest user group, and guest user expiration time. For more details on creating notification profiles, see the Notification Profiles section.

Step 4. Create a captive portal rule that will use the captive profile created at the previous step.

In the Users and devices ➜ Captive portal section, create a rule that will use the captive profile created earlier. For more details on creating captive portal rules, see the Captive Portal Configuration section.