ADIPSYS Hotspot Manager Integration with Wi-Fi in WatchGuard Cloud

This guide demonstrates how to integrate WatchGuard Cloud with ADIPSYS Hotspot Manager to enable guest users to authenticate to a captive portal.

Before you begin, make sure your access point is activated with a WatchGuard Standard Wi-Fi or USP Wi-Fi Management license and registered with WatchGuard Cloud. For more information, go to Activate an Access Point.

Contents

Platform and Software

The hardware and software used in this guide include:

  • ADIPSYS Hotspot Manager:
    • Hotspot Manager Portal Account
  • WatchGuard:
    • WatchGuard Cloud Account
    • WatchGuard AP230W
  • Wireless client devices

Additional charges might apply to use Hotspot Manager.

Test Topology

For more information about Hotspot Manager and WatchGuard access points managed in WatchGuard Cloud, go to the ADIPSYS Hotspot Manager support documentation and the Wi-Fi in WatchGuard Cloud Access Point documentation.

Topology diagram for ADIPSYS Hotspot Manager Captive Portal Integration

ADIPSYS Hotspot Manager Configuration

Get the WatchGuard Access Point Device Information

Make sure that you record the MAC address of the WatchGuard access points you want to use to integrate with ADIPSYS Hotspot Manager.

To get the information for your WatchGuard access point:

  1. Log in to your WatchGuard Cloud account.
    If you are a service provider, make sure you have allocated the activated access point to a subscriber account in WatchGuard Cloud.
  2. Select Configure > Devices.
  3. Select the Access Point tab.
  4. Find the access point you want to use to integrate with ADIPSYS Hotspot Manager.
  5. Copy the MAC address. This value is required when you configure ADIPSYS Hotspot Manager.

Add an Access Controller

To add an access controller in ADIPSYS Hotspot Manager:

  1. Log in to the Hotspot Manager portal.
  2. From the left navigation bar, select Configurations > Access controllers.
  3. Click Add an access controller.
    The New access controller page opens
  4. From the Model drop-down list, select Coova - Chilli.
  5. In the Name text box, type a descriptive name.
  6. In the RADIUS security section, select Only RADIUS secret.
  7. Copy and save the RADIUS secret value that is shown on the page. You need this value when you configure the RADIUS authentication domain in WatchGuard Cloud.
  8. In the NAS-ID text box, type the MAC address of your WatchGuard access point without colon separators. Use the MAC address you recorded in the previous section.
  9. Enable Monitor RADIUS activity.
  10. In the UAM secret text box, type a pre-shared key. You need this value when you configure the captive portal in WatchGuard Cloud.
  11. From the Communication protocol drop-down list, select HTTP.

    12. Screenshot of the Hotspot Manager Add an access controller page

  12. Leave the other settings at their default values.
  13. Click Save.

Configure a Wi-Fi Zone and Hotspot

To associate your access controller with a Wi-Fi zone and create a hotspot:

  1. From the left navigation bar, select Configurations > WiFi zones.
  2. Select your Wi-Fi zone.
  3. On the Parameters tab, in the Access controllers section, add the access controller you created in Add an Access Controller.
  4. Leave the other settings at their default values.
  5. Click Save.

    6. Screenshot of the Hotspot Manager WiFi zone Parameters tab

  6. Select the Hotspot tab.
  7. Click Add a Hotspot.
    The New Hotspot page opens
  8. In the Name text box, type a descriptive name.
  9. From the Free access period offer drop-down list, select an offer that matches your deployment. In this example, we select Offre illimité.
  10. In the Captive portals section, select an existing captive portal.
    If you do not have a captive portal, from the left navigation bar, select Design > Captive portals to add one.
  11. On the Geolocation tab, enter the Hotspot type, Address, Zip code, City, and Country information.
  12. Configure the other settings as required for your deployment, or leave them at their default values.

    13. Screenshot of the Hotspot Manager Hotspot configuration page

  13. Click Save.
  14. After you save the hotspot, select the APs tab in the same Hotspot you just saved.
  15. Click Add an AP.
    The New AP page opens
  16. In the Name text box, type a descriptive name.
  17. In the Access Controller drop-down list, select the access controller you created.
  18. In the MAC address text box, type the MAC address of your WatchGuard access point you recorded in the previous section.

    19. Screenshot of the Hotspot Manager Hotspot configuration and AP registration page

  19. Click Save.

WatchGuard Cloud Configuration

For detailed information on Wi-Fi in WatchGuard Cloud deployment, go to Get Started with Wi-Fi in WatchGuard Cloud.

Access points can have two different types of settings:

  • Device-level settings — Settings that you apply individually to each access point.
  • Access Point Site settings — Access Point Sites enable you to create settings and apply them to multiple access points that subscribe to the site.

The Captive Portal feature is only available when setting up Access Point Site settings.

Add a RADIUS Authentication Domain to WatchGuard Cloud

To configure a RADIUS authentication domain in WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud account.
    If you are a service provider, make sure you have allocated the activated access point to a subscriber account in WatchGuard Cloud.
  2. Select Configure > Directories and Domain Services.
  3. Click Add Authentication Domain.
  4. In the Domain Name text box, type a domain name. In this example, we use hotspotmanager.fr.
  5. Click Next.
  6. From the Select the type of authentication domain to add list, select RADIUS.
  7. From the RADIUS Server Type drop-down list, select RADIUS Authentication Server.
  8. From the Type drop-down list, select Host IPv4.
  9. In the IP Address text box, type the primary IP address of the Hotspot Manager RADIUS server.
  10. In the Port text box, type the authentication port number of the Hotspot Manager RADIUS server.
  11. In the Shared secret text box, type the RADIUS secret you entered in the access controller configuration in Hotspot Manager.

    12. Screenshot of the Add Authentication Domain page in WatchGuard Cloud

  12. Click Save.
  13. From the authentication domain list, select the domain you just created.
  14. Select the Servers tab.
  15. Click Add Server.
  16. Repeat steps 6 to 12 to create a RADIUS Accounting Server.

    17. Screenshot of the Authentication Server update page in WatchGuard Cloud

Configure SSID Settings for an Access Point Site

To configure SSID settings for an Access Point Site in WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud account.
    If you are a service provider, make sure you have allocated the activated access point to a subscriber account in WatchGuard Cloud.
  2. Select Configure > Access Points Sites.
  3. Select an existing site you created, or add a new site.
  4. In the Subscribed Devices tab, make sure your access points are subscribed to the site.
  5. From the Configuration Details tab, in the Wi-Fi Networks widget, click SSIDs.
  6. Click Add SSID.
  7. In the SSID Name text box, type an SSID name. In this example, we use Guest-Hotspot.
  8. Enable the Broadcast SSID check box.
  9. From the SSID Type drop-down list, select Guest.
  10. From the Radio drop-down list, select 2.4 GHz and 5 GHz.
  11. From the Security drop-down list, select Open.
  12. In the Network section, select Bridged.

    13. Screenshot of the Add SSID page in WatchGuard Cloud

  13. Click Save.
  14. To apply the configuration to your access points, click Schedule Deployment in the banner at the bottom of the page.
  15. Type a Description for the deployment.
  16. Click Deploy, then click Close.

Configure an Authentication Domain for an Access Point Site

To configure Authentication Domain settings for an Access Point Site:

  1. Log in to your WatchGuard Cloud account.
    If you are a service provider, make sure you have allocated the activated access point to a subscriber account in WatchGuard Cloud.
  2. Select Configure > Access Point Sites.
  3. Select the Access Point Site.
  4. From the Configuration Details tab, in the Authentication section, click Domains.
  5. Click Add Authentication Domain.
  6. From the Select an existing Authentication Domain drop-down list, select the domain you created in the Add RADIUS Authentication Domain to WatchGuard Cloud section.
  7. From the RADIUS Authentication Server drop-down list, select the RADIUS authentication server.
  8. From the RADIUS Accounting Server drop-down list, select the RADIUS accounting server.

    9. Screenshot of the Add Authentication Domain page in an Access Point Site

  9. Click Save
  10. To apply the configuration to your access points, click Schedule Deployment in the banner at the bottom of the page.
  11. Type a Description for the deployment.
  12. Click Deploy, then click Close.

Configure a Captive Portal for a Guest SSID

To add a captive portal to an SSID:

  1. Log in to your WatchGuard Cloud account.
    If you are a service provider, make sure you have allocated the activated access point to a subscriber account in WatchGuard Cloud.
  2. Select Configure > Access Point Sites.
  3. Select the Access Point Site.
  4. From the Configuration Details tab, in the Portal widget, click Captive Portal.
  5. Click Add Captive Portal.
    The Add Captive Portal page appears.
  6. From the SSID drop-down list, select the SSID you created.
  7. From the Captive Portal Type drop-down list, select Third-party hosted.

    8. Screenshot of the Add Captive Portal page in WatchGuard Cloud

  8. Click Next.
  9. In the Captive Portal Provider drop-down list, select ADIPSYS.
  10. In the Splash Page URL text box, type the portal splash page URL from the ADIPSYS hotspot configuration. To find the correct URL, check the captive portal settings in Hotspot Manager. For more information, go to the ADIPSYS Hotspot Manager support documentation.
  11. In the Shared Secret text box, type the UAM secret you configured when you added the access controller in Hotspot Manager.
  12. From the Authentication Domain drop-down list, select the authentication domain you created in the Add RADIUS Authentication Domain to WatchGuard Cloud section.
  13. (Optional) In the Walled Garden section, click Add Destination to add domains or IP addresses that users can access before they connect through the splash page.
  14. Leave the other options at their default settings.

    15. Screenshot of Captive Portal configuration in WatchGuard Cloud

  15. Click Finish.
  16. Return to the Configuration Details page of the Access Point Site.
  17. To apply the configuration to your access points, click Schedule Deployment in the banner at the bottom of the page.
  18. Type a Description for your deployment.
  19. Click Deploy, then click Close.

Test the Hotspot Manager Integration

To test the ADIPSYS Hotspot Manager integration with a WatchGuard Cloud Access Point:

  1. Use a wireless client to connect to the SSID you created in WatchGuard Cloud.
    The user browser is redirected to the ADIPSYS Hotspot Manager splash page.
  2. Complete the requested information to connect through the splash page.
    The configured Landing Page or specified external page appears.
  3. Access the Internet through the captive portal.