ble
Explorer
February 16, 2024
Question

IP-based Authentication


Hi,

I am wondering whether it would be possible to set up the following IP-based authentication mechanism on the FortiGate (v7.2):

  1. I want users to visit a login website which is served on the external interface of the FortiGate.
  2. After login, they should be authenticated based on IP address for some time and be allowed to access some systems behind the internal interface.

To this end, I configured the authentication settings under "User & Authentication" -> "Authentication Settings" as follows:

  • Authentication scheme is set to a form-based authentication scheme using a local user database.
  • Captive portal type is set to IP.
  • Captive portal is enabled and set to 10.0.0.2.
  • Protocol support for HTTP is enabled.

The external interface has 10.0.0.2 configured as its secondary IP address.

Now I would expect that http://10.0.0.2 serves a login page, but for some reason it does not. (I can see in the packet sniffer that the packets arrive at the FortiGate.)

Am I misunderstanding how form-based authentication is supposed to work? What would I need to do to achieve the desired workflow?

Thanks a lot in advance.

1 reply

hbac
Staff
February 16, 2024