rvillegas
New Member
November 10, 2022
Solved

WIFI prompting with captive portal while set to WPA2-Personal


Hello all,

I have a client where WIFI is prompting as though captive portal is enabled while set to WPA2-Personal.

We've updated both firewall and APs to the most recent version 7.2, to no avail.
Next attempts will be a downgrade to observe if the issue persists on 7.0.

I will be happy to add details or information as needed. Hoping someone can help.

**EDIT**

This issue started last Friday 11/4 (no changes or updates that we are aware of)

Current config:
config wireless-controller vap
edit "guest-test"
set ssid "testSSID"
set passphrase ENC 
set intra-vap-privacy enable
set schedule "always"
next
end


2 replies

ebilcari
Staff
November 11, 2022

There is a Security mode "WPA2 Personal with Captive Portal". You can check it under WiFi & Switch Controller > SSIDs > (select SSID) under WiFi Settings.

The users can join using the PSK and after that are presented with a disclaimer or a second layer of authentication.

You can [Edit in CLI] to verify whether there is any incorrect extra command that you can remove:

~

config wireless-controller vap
edit "PSK-MAC"
set ssid "PSK-MAC"
set security wpa2-only-personal+captive-portal
set passphrase ENC 
set portal-type disclaimer
set schedule "always"
next

~

set security wpa2-only-personal

unset portal-type

Emirjon
rvillegas
Author
New Member
November 11, 2022

Thank you for your reply. The issue is that we do not want a captive portal and it is not set as such. I have added my config to the original post.

ebilcari
Answer
Staff
November 11, 2022

If you create a new SSID with similar configurations (PSK only) will it still present the captive portal to the users? If the new SSID works ok, you can try to delete this one and re-create the same SSID from scratch.

Emirjon
pminarik
Staff
November 11, 2022

I'll add two additional cases that can result in captive portal being shown:

1. SSID is in bridge mode and the actual FortiGate interface that receives the traffic has a captive portal enabled.

2. The firewall policy processing the relevant traffic (e.g. SSID->internet) requires authentication (e.g. LDAP, RADIUS, local user; not FSSO/RSSO/WSSO).

Consider checking these as well.
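The causes named in the replies above (a VAP security mode or `portal-type` that includes a captive portal, a captive portal on the FortiGate interface, and a firewall policy that requires authentication) can be checked offline against a saved configuration. This is an added example, not part of the original thread and not Fortinet code; the sample config is constructed, and the interface key `security-mode` and the policy keys `groups`/`users` are assumptions that do not appear in the thread.

```python
# Constructed sample modeled on this thread's snippets; interface/policy keys are assumed.
SAMPLE = """\
config wireless-controller vap
    edit "PSK-MAC"
        set security wpa2-only-personal+captive-portal
        set portal-type disclaimer
    next
end
config system interface
    edit "lan-bridge"
        set security-mode captive-portal
    next
end
config firewall policy
    edit 7
        set groups "wifi-users"
    next
end
"""

def parse(text):
    """Return {section: {entry: {key: value}}} for top-level config blocks."""
    cfg, section, entry, depth = {}, None, None, 0
    for tok in (line.strip() for line in text.splitlines()):
        if tok.startswith("config "):
            depth += 1
            section = cfg.setdefault(tok[7:], {}) if depth == 1 else section
        elif tok == "end":
            depth -= 1
        elif depth == 1 and tok.startswith("edit "):
            entry = section.setdefault(tok[5:].strip('"'), {})
        elif depth == 1 and tok == "next":
            entry = None
        elif depth == 1 and tok.startswith("set ") and entry is not None:
            key, _, val = tok[4:].partition(" ")
            entry[key] = val
    return cfg

def portal_triggers(text):
    """List (kind, name) for each setting the replies say can raise a portal."""
    cfg = parse(text)
    hits = [("vap", n) for n, v in cfg.get("wireless-controller vap", {}).items()
            if "captive-portal" in v.get("security", "") or "portal-type" in v]
    hits += [("interface", n) for n, i in cfg.get("system interface", {}).items()
             if i.get("security-mode") == "captive-portal"]
    # Any policy with users/groups is flagged; FSSO/RSSO groups are not told apart.
    hits += [("policy", n) for n, p in cfg.get("firewall policy", {}).items()
             if "groups" in p or "users" in p]
    return hits
```

An empty result for a VAP, as with the configuration in the original post, means the portal is not coming from the SSID definition itself, so the interface and policy entries are the next places to look.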

rvillegas
Author
New Member
November 11, 2022

Thank you for your reply - the SSID is in tunnel mode, I have added config and screenshot to original post. 

Network_Fortinet
New Member
July 14, 2025

I have the same problem: when creating the SSID in tunnel mode with only WPA2 Personal, the user is getting the captive portal webpage direction. Just wondering if you have managed to resolve this problem?