Skip to main content
sjoshi
Staff
sjoshi
Staff
May 14, 2026

Troubleshooting Tip: After an upgrade to 7.6.6, the captive portal redirection page does not work

  • May 14, 2026
  • 0 replies
  • 352 views

Description


This article describes a technical issue where users are unable to redirect to the landing page after authenticating with the FortiGate. The issue occurs after upgrading to FortiOS 7.6.6. The user is able to authenticate successfully, but the redirection to the landing page does not work as expected.


Scope


FortiGate.


Solution

After upgrading the FortiGate from version 7.2.10 to 7.6.6, an issue can be observed with the post-authentication redirection page. Firewall authentication completes successfully, but the authenticated users are not redirected to the configured landing page. The authenticated user entry is visible in the authentication list and able to access the resources. The issue occurs only during the post-authentication redirection process when attempting to redirect users to the configured landing page.


This issue happens because of a custom HTML authentication replacement message. The custom authentication page contains a hidden redirection parameter as shown below:

Firewall Authentication
    </title>
  </head>
  <body>
    <div class="oc">
      <div class="ic">
        <form action="%%AUTH_POST_URL%%" method="post">
          <input type="hidden" name="%%REDIRID%%" value="https://www.fortinet.com"> >> this is the redirection page
          <input type="hidden" name="%%MAGICID%%" value="%%MAGICVAL%%">
          <h1 class="logo">
            Authentication Required
          </h1>
          <h2>
            Please log in with your corporate domain credentials
          </h2>
          <div class="fel">
            <label for="ft_un">


The support for defining redir through replacement message has been removed due to the 'Header injection in captive portal authentication form' vulnerability. It has been removed from 7.4.9,7.6.3, which is why it stopped working after the upgrade to 7.6.6.


Workaround:


Redirection can be configured directly from the firewall policy, as shown below:


config firewall policy
    edit 1
        set redirect-url "https://www.fortinet.com"
end

      Terms & ConditionsAccessibility statement