Captive portal issue

Check if the certificate authority certificate you are signing with is installed on your browser.

Chrome > Settings > Security > Manage Certificates.

As I know this page should use http since its function is just to check if the host has internet access. Check the browser if there is any settings or extension that force every site to use https.

Well.. the error is pretty self-explanatory. The browser doesn't trust the CA that issued the server-certificate being presented.

I know you wrote that "it's already checked", but with all due respect I'd trust the browser's claim over yours.

1, On that error screen, click the red triangle and check what cert chain is being presented, up to the CA.

2, Inspect those certificates in details.

3, Compare the CA shown against the CA you're expecting to be used by the FortiGate for captive portals (by default controlled by config user settings > set auth-ca-cert).

Dear Ashik Jee,

I am still facing issues with the captive portal login page not redirecting properly through the Chrome browser. I reported this problem yesterday as well. The FortiGate technical team has informed me that the issue lies with the Chrome browser itself.

Could you please provide any updates or suggestions on how to resolve this issue? Your assistance would be greatly appreciated.

@fortigate Team,

Could you please confirm when the issue will be resolve.

Thank you.

Best regards,
Jagabandhu

+91-9439291306

Hi @ashik_k 

The issue with the captive portal is due to the latest update on Google Chrome. When we open the browser the connectivity test will happen with google.com which is HSTS sites.

As a workaround, you can try accessing non-HSTS sites like example.com, yahoo.com to get a captive portal. Once you authenticate the internet works fine for users.

Regards,

Shaik Babu.

Dear Sbabu,

As per your previous email, I will follow the suggested steps. However, it is not feasible to communicate this workaround to all 300 users. Users are questioning why the issue is specific to Chrome while other browsers work fine.

If any changes require in your FortiGate firmware end please do as soon as possible.

Could you please provide a permanent solution for this Chrome-related issue at the earliest?

Thank you for your assistance.

Best regards,
Jagabandhu

+91-9439291306

Dear Firewall Technical Team,

As I understand, the purpose of portal detection (with Chrome using http://www.gstatic.com/generate_204) is to automatically redirect users to the captive portal page before they try accessing an HTTPS site. Since redirecting HTTPS is not feasible without deep inspection (which isn't practical for guests or unmanaged users), I assume Chrome's change in behavior is temporary.

However, as per your explanation, what actions should we take on our end? It is essential for your technical team to address the root cause of this issue and propose a solution, whether through a firmware upgrade or configuration adjustments. This falls within your responsibility to resolve, not ours.

Please provide a timeline for the fix.

Best Regards,
Jagabandhu

+91-9439291306

Dear Firewall Technical Team,

As per your response, if there is indeed not much that can be done on the FortiGate side to modify this browser behavior, I need guidance on how to communicate this effectively to our users.

Please confirm if I should inform all FortiGate firewall users not to use Google Chrome and instead switch to Microsoft Edge for accessing the captive portal. I would appreciate a clear and formal response on this matter so that we can provide consistent instructions to all users.

Best Regards,
Jagabandhu
+91-9439291306