Skip to main content
Matteo
Matteo
Visitor III
July 7, 2016
Question

Local User Auth by using Captive Portal and redirection

  • July 7, 2016
  • 0 replies
  • 5987 views

Hi,

I already read many posts here regarding redirection issues with Captive Portal, but they didn't solve my problem and I'm going crazy.

My configuration is this one:

[ul]
  • FortiOS v5.2.7, build718
  • 1 interface (port4) with local Captive Portal enabled, authentication by groups
  • 1 external AP (Zyxel) connected to the interface (port4)
  • I followed this KB guide without success: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30760&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=38506158&stateId=0[/ul]

    and the code is this one:

    edit 34
        set srcintf "port4"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "OMNIA-USERS"
        set auth-redirect-addr "auth-cert.fortinet.com"
        set nat enable
    next

    config user setting
        set auth-type http https
        set auth-cert "Fortinet_Wifi"
        set auth-secure-http enable
    end

     

    config system global
        [...]
        set auth-https-port 1442
        [...]
    end

     

    edit "fortinet.com"
        set domain "fortinet.com"
        set authoritative disable
        config dns-entry
        edit 1
            set hostname "auth-cert"
            set ip INTERFACE_IP
            next
        end
    next

     

    So, I configured a DNS entry for the auth-cert.fortinet.com URL pointing to the port4 interface IP (the DNS resolution works fine). "auth-cert.fortinet.com" is the URL configured in the CN field of the certificate (Fortinet_Wifi, one of the official Fortinet certificates). In this way I would expect the redirection and certificate are correctly configured.

     

    However, the problem is always the same:

    [ol]
  • I correctly connect to the interface (port 4 with Zyxel AP and no authentication).
  • I open a browser and I try to go to the www.google.com site.
  • I get a warning message that shows a bad domain, even if I configured a DNS entry for the CN field and the auth-redirect-addr parameter.
  • If I accept the warning, I am redirected to the Captive Portal page.
  • I insert valid user's credentials and then I am correctly redirected to the first page (www.google.com).[/ol]

    Where am I wrong? Any idea to remove the bad certificate warning?

    Many thanks in advance!!

    • Terms & ConditionsAccessibility statement