stich86
New Member
January 23, 2025
Question

External captive portal redirect (Entra ID) from a routed subnet


Hello guys,

I have a cluster configured to ask users for authentication using an Entra ID account. This is working when using a host connected to an interface that is directly managed by Fortinet (and it creates the local in policy for port 1003), but I need to make it work also from a routed subnet that is passing through a transit interface (it’s an MPLS line), but the redirect doesn’t work for this interface.

I've created the zone and relative rules, but nothing to do.

Any suggestions?

Thanks in advance!

1 reply

AEK
SuperUser
January 26, 2025

Hi Stich

I tried in my lab, a host connected to a router, and the router connected to FGT, on an interface on which I enable the active portal, and it works fine for me: the active portal is triggered when host's traffic tries to cross the firewall.

Or maybe I misunderstood your requirement?

AEK
stich86 (Author)
New Member
January 26, 2025

I don’t have captive portal enabled on any interface, just an identity rule with Entra SAML configuration.