Technical Tip: Captive Portal not coming up when eth0 and eth1 are on separate subnets and isolated

This article describes that depending on the environment, there are controls and/or requirements in place, on the network, that prevent incoming packets on the isolation VLAN going to eth1 and outgoing on eth0 are not able to reach back into the isolation VLAN. 

This would be especially apparent when using Captive Portal as this can prevent a browser from displaying the portal.

Setup 'setupAdvancedRoute' in order to configure policy-based split routing on the FortiNAC.

This allows packets going into an interface on the FortiNAC, to be sent out again, after processing, via the same interface. Steps were as follows:

1) Log into the CLI as root.

2) Type 'setupAdvancedRoute' at the prompt.

3) Type 'I' or 'i' to install.

Alternatively....

- Type 'F' or 'f' in order to update routes should a new interface be added (i.e. additional isolation sub-interface(s) is/are added such as registration, authentication, etc...)

4) to remove the config, type 'U' or 'u'.