Skip to main content
Punnawit
Punnawit
New Member
April 4, 2025
Question

FortiGate Authentication issue

  • April 4, 2025
  • 5 replies
  • 1260 views

I use FortiGate to create Authentication for my local user. I create a policy for it, add user group in that policy. It works well for the past 3 months. Suddenly, last week everyone cannot access authentication page and unable to use internet under this policy. Why? And after I try to put user group out of that policy, everyone can access internet but didn't have to pass the authentication. I want to add user group into policy to force everyone to login through authentication. How?

5 replies

AEK
SuperUser
AEK
SuperUser
April 4, 2025

Are you using FortiAuthenticator?

If so then did you check the status of the connectivity between FGT and FAC?

AEK
    joshbergm
    joshbergm
    Explorer
    April 11, 2025

    Hi,

    Is the disclaimer option enabled in the firewall policy to prompt the users for authentication?

    Otherwise it will try to use passive authentication.

    mahff
    mahff
    New Member
    July 28, 2025

    Hi,

    This kind of issue often points to a problem with captive portal redirection, user group mapping, or recent changes in DNS or routing that interfere with the authentication flow.

    To restore proper redirection and ensure users are prompted to log in:

    • Double-check that your policy with the user group is correctly positioned—above any general allow rules.

    • Review the captive portal configuration to confirm it’s still active and properly defined.

    • Ensure the user group is still linked to the correct authentication method.

    • Verify that unauthenticated users are allowed DNS and HTTP/HTTPS access to trigger the redirection.

    • If you're using an external captive portal, confirm that the FortiGate integration is still valid and that redirection to the login page is permitted.

    You can refer to this guide for detailed steps on configuring and troubleshooting captive portal authentication with user groups and policy enforcement: https://help.cloudi-fi.com/hc/en-us/articles/28936913311261

     

    Hope this helps

    sjoshi
    Staff
    sjoshi
    Staff
    July 28, 2025

    Hi,

    I guess as you mention you are using local user.

    can you share me the snap of your firewall policy configure

    share:-

    config user setting

    Thanks, Salon
    adambomb1219
    SuperUser
    adambomb1219
    SuperUser
    July 28, 2025

    Why are you using local firewall users?

    Terms & ConditionsAccessibility statement