Project Case: 802.1X and PacketFence Implementation with Aruba, Fortinet, and Fortigate

Objective: The objective of this project is to implement a secure, automated, and efficient network access control system using 802.1X authentication with PacketFence. The solution ensures seamless wired and wireless authentication using EAP-TTLS, along with automated guest management through Fortigate’s captive portal.

Network Components:

  • Aruba Switches – Handling wired network access.
  • Fortinet APs – Providing secure wireless connectivity.
  • Fortigate Firewall – Enforcing security policies and acting as a captive portal for guest access.
  • PacketFence – Providing Network Access Control (NAC) and authentication management.

Authentication Method:

  • EAP-TTLS for both wired and wireless authentication, ensuring secure credential transmission.

Automation of Guest Access via Fortigate Captive Portal:

  1. A script automates the creation of guest users in Fortigate.
  2. The script generates credentials, sets an expiration period, and assigns access policies.
  3. An email with the credentials is sent automatically to the guest user.
  4. Microsoft Power Automate picks up the email data and stores the credentials in a SharePoint list.
  5. SharePoint page dynamically displays the latest guest credentials, providing a central reference point for users needing access.

Benefits:

  • Enhanced Security: Secure authentication via 802.1X ensures only authorized users can access the network.
  • Seamless Guest Management: Automating Fortigate’s captive portal reduces administrative overhead.
  • Efficient User Experience: Guests receive credentials instantly via email, with an accessible repository on SharePoint.
  • Comprehensive Logging & Compliance: PacketFence tracks user authentication and access, providing full visibility for audits.

Conclusion: By integrating PacketFence with Aruba switches, Fortinet APs, and Fortigate for network access control, this solution ensures a robust, automated, and user-friendly authentication system. The automation of guest user creation and SharePoint integration further enhances efficiency and usability, making it an ideal solution for secure network access.