FortiGate
gbarreto
Staff
Article Id 197339
Description

 

This article describes how to change the FortiGate's captive portal listening ports for HTTP/HTTPS connections.

 

Scope

 

FortiGate, Captive Portal

 

Solution

 

By default, when Captive Portal functionality is enabled on an interface, the FortiGate listens on TCP/1000 for HTTP connections and TCP/1003 for HTTPS connections. Clients that trigger captive portal authentication on the FortiGate are redirected to the captive portal on the port and protocol that match the triggering traffic (i.e., client HTTP traffic is redirected to the HTTP captive portal port, whereas client HTTPS traffic is redirected to the HTTPS port).

 

To change these to a different set of ports, modify the following CLI options:

 

config system global
    set auth-http-port <1-65535, default = 1000>
    set auth-https-port <1-65535, default = 1003>
end
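To confirm which ports a device actually ended up with after a change, the effective values can be read from a configuration backup. The following is an added example, not Fortinet code: the function names and the sample backup are constructed for illustration, and the identical-port check is this example's own sanity check rather than documented FortiOS behaviour.

```python
import re

# Defaults stated in the article; FortiOS "show" output omits values left at default.
DEFAULTS = {"auth-http-port": 1000, "auth-https-port": 1003}

# Constructed excerpt of a configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system global
    set hostname "fgt-lab"
    set auth-https-port 8443
end
config system dns
    set primary 192.0.2.53
end
"""

def global_block(config_text):
    """Return the lines directly inside 'config system global'."""
    lines, depth, inside = [], 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not inside:
            inside = line == "config system global"
            continue
        if line.startswith("config "):
            depth += 1
        elif line == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0:
            lines.append(line)
    return lines

def captive_portal_ports(config_text):
    """Effective listening ports: configured value, else the default."""
    ports = dict(DEFAULTS)
    for line in global_block(config_text):
        m = re.fullmatch(r"set (auth-https?-port) (\d+)", line)
        if m:
            ports[m.group(1)] = int(m.group(2))
    return ports

def audit(config_text):
    """Findings: values outside 1-65535, or both portals on one port."""
    ports = captive_portal_ports(config_text)
    findings = [f"{k} out of range: {v}" for k, v in ports.items() if not 1 <= v <= 65535]
    if ports["auth-http-port"] == ports["auth-https-port"]:
        findings.append("HTTP and HTTPS captive portal ports are identical")
    return findings
```

For the sample above, `captive_portal_ports(SAMPLE_CONFIG)` reports the HTTP portal still on its default port and the HTTPS portal on the changed one, and `audit(SAMPLE_CONFIG)` returns no findings.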

 

Additional options exist to enhance captive portal functionality on the FortiGate, including the ability to redirect HTTP and HTTPS users towards an HTTPS captive portal (for encryption/security reasons), specify different IPs/FQDNs to redirect users towards for the captive portal, and adjust how long users may remain connected before needing to reauthenticate.

 

Related documents:

Technical Tip: Using secure authentication (HTTPS) on a FortiGate and redirecting the authenticatio...

Technical Tip: FortiGate configured with multiple captive portals and as a DNS server

Technical Tip: Explanation of auth-timeout types for Firewall authentication users

Captive portals