martinsd
Staff
September 27, 2024

Technical Tip: Flow of external Captive Portal authentication when configured directly on a bridge SSID

Description: This article outlines the high-level traffic flow of external captive portal authentication when configured directly on a Bridge SSID for a FortiGate-managed FortiAP.

Scope: FortiGate, FortiAP.

Solution:

Workflow:

 

[Image: Captive_Portal.drawio.png]

 

Steps:

  1. The endpoint associates with the FortiAP. Because the authentication method is a Captive Portal with external authentication, the FortiAP cannot be set up as local-standalone, so FortiGate handles the association process.
  2. After association, the endpoint browses the Internet (the original request) and is redirected by the FortiAP to the external Captive Portal.
  3. The endpoint authenticates through the external Captive Portal. Because the FortiAP is not standalone, the login information is redirected to FortiGate's local Captive Portal.
  4. FortiGate redirects the endpoint to the originally requested URL.
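
Step 3 means that credentials entered on the external portal are sent back to the FortiGate, so the portal should only post back to a FortiGate it knows. The following is an added example, not code from the original article or from Fortinet: a Python check an external portal could run on the incoming redirect before rendering its login form. It assumes the redirect carries the post-back URL and session token in `post` and `magic` query parameters; the host names, port and token are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed allow-list: (host, port) of the FortiGate listener this portal trusts.
TRUSTED_POSTBACK = {("fgt.example.internal", 1003)}


class RedirectRejected(ValueError):
    """The redirect does not name a trusted post-back target."""


def validate_redirect(url, trusted=TRUSTED_POSTBACK):
    """Return (post_url, magic) for a trusted redirect, else raise RedirectRejected."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name in ("post", "magic"):  # assumed parameter names
        values = query.get(name, [])
        if len(values) != 1 or not values[0]:
            raise RedirectRejected(f"missing or repeated parameter: {name}")
    post_url, magic = query["post"][0], query["magic"][0]
    try:
        target = urlsplit(post_url)
        port = target.port or 443
    except ValueError as exc:  # malformed host or port
        raise RedirectRejected(str(exc)) from exc
    if target.scheme != "https":
        raise RedirectRejected("credentials must be posted over https")
    if target.username is not None or target.password is not None:
        raise RedirectRejected("userinfo is not allowed in the post-back URL")
    if ((target.hostname or "").lower(), port) not in trusted:
        raise RedirectRejected(f"untrusted post-back host: {target.netloc}")
    return post_url, magic


def is_trusted(url):
    """Boolean wrapper for use in a request handler."""
    try:
        validate_redirect(url)
        return True
    except RedirectRejected:
        return False


# Constructed sample redirects as the external portal would receive them.
GOOD = "https://portal.example.com/?login&post=https://fgt.example.internal:1003/fgtauth&magic=0a1b2c3d"
SPOOFED = "https://portal.example.com/?login&post=https://fgt.example.internal:1003@198.51.100.7/fgtauth&magic=0a1b2c3d"

if __name__ == "__main__":
    print(is_trusted(GOOD), is_trusted(SPOOFED))
```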

 

SSID config:

 

[Image: Screenshot from 2024-09-27 10-17-49.png]

 

Note:

The workflow described above only applies when the external Captive Portal is referenced directly on a Bridge SSID. It does not apply to a Tunnel mode SSID, or to an external Captive Portal configured on physical/VLAN interfaces handling data traffic from Bridge SSID endpoints. For those scenarios, refer to the following article: Troubleshooting Tip: General captive portal explanation, flow and troubleshooting.