Aghiles
New Member
February 13, 2025
Question

Bridge Guest SSID on FortiGate with external captive portal authentication on ClearPass issue


Hi guys,

I am configuring a Guest SSID in Bridge mode on FortiGate (FortiAP) with external captive portal authentication on Aruba ClearPass.

The redirection to the captive portal works correctly. Authentication works on some devices and some browsers; credentials are sent in an HTTPS POST and requests are processed correctly by Aruba ClearPass.

However, on some devices, authentication does not work and credentials are not sent to ClearPass.

Has anyone encountered this problem?

Best regards

1 reply

jiahoong112
Staff
February 15, 2025

Kindly follow the document here to run a wireless client debug on the FortiGate, which is the FortiAP's WLC: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Debugging-a-wireless-client-connection-issue/ta-p/196660

When reproducing the issue, simultaneously run a debug or packet capture on ClearPass to see whether the authentication packets are reaching ClearPass or not. If you are connected to ClearPass over an IPsec tunnel, fragmentation can occur, which causes authentication to fail. When this happens, you'd want to configure pre-encapsulation on the IPsec tunnel: https://community.fortinet.com/t5/FortiGate/Technical-Tip-IP-Packet-fragmentation-over-IPSec-tunnel/ta-p/265295