| Description | This article describes how to fix a problem where the HTTP Captive Portal redirection does not occur. |
| Scope | FortiGate. |
| Solution |
FortiGates support the optional use of a Captive Portal to provide authenticated access to both Wired and Wireless Interfaces.
Note: For Wireless Interfaces, the disclaimer option is not supported if the SSID is local bridged; the SSID has to be in Tunnel mode to configure the Disclaimer.
For the redirection to the Captive Portal to occur, the HTTP protocol option must be enabled in the User Authentication Options. If this option is not enabled, the HTTP captive portal page (or perhaps a simpler disclaimer message) will not display, and the user will not get authenticated access to the Internet (or whatever resources that the network provides access to).
This issue can be seen in both Wired and Wireless authenticated access configurations.
If it is seen that after enabling such a configuration, the captive portal does not display, check that the following HTTP User Authentication option is enabled under 'User & Authentication'/'Authentication Settings'.
To do this in the CLI:
config user setting (setting) set auth-type http (setting) end
It should look as follows:
config user setting (setting) show config user setting
Note: If the existing SSID has been configured in bridge mode, it is possible to convert an existing bridge mode SSID to a tunnel mode SSID by using the following commands:
config wireless-controller vap edit "Bridge" set ssid "bridge_example" set local-bridging disable next end
Related articles: Technical Tip: Convert an existing Tunnel SSID to Bridge mode SSID |
