Description
This article explains how to redirect all computers within the network to a specific URL upon starting internet browsers.
For example, a guest walks into the meeting room with a laptop and connects to the 'Unprotected WiFi' which is the gateway controlled by the FortiGate. When the guest tries to enter 'www.google.com', they will be redirected to 'www.fortinet.com' for the first session.
For example, a guest walks into the meeting room with a laptop and connects to the 'Unprotected WiFi' which is the gateway controlled by the FortiGate. When the guest tries to enter 'www.google.com', they will be redirected to 'www.fortinet.com' for the first session.
Scope
FortiGate, FortiProxy.
Solution
This redirection can be obtained by first enabling the disclaimer in the firewall policy so that the firewall will interrupt traffic and redirect it to a specific URL.
Create or edit the desired firewall policy (from LAN to WAN) and then use the following commands:
Create or edit the desired firewall policy (from LAN to WAN) and then use the following commands:
To configure the Captive portal in the GUI.
- From FortiGate GUI, go to Network -> Interface then select the interface to which the users are connected. The interface must be a LAN or Undefined.
- Enable the security mode.
The following is the corresponding CLI configuration:
config system interface
edit "port1"
set vdom "root"
set type physical
set security-mode captive-portal
set security-redirect-url "http://www.fortinet.com"
set device-identification enable
set lldp-transmission enable
set role lan
set snmp-index 7
next
end
Note:
Since the firewall does not modify the encrypted traffic passing through the device, deep-inspection is required for HTTPS sites.
Related article:
Technical Tip: How to create FortiGate captive portal using policy
