sbabu
Staff
Article Id 370651
Description

 

This article describes how to hide the FortiGate IP address for security purposes when users get authenticated through the captive portal.

 

Scope

 

FortiGate.

 

Solution

 

When the captive portal is enabled at the interface or policy level, the FortiGate's IP address and port number are visible to users who attempt to authenticate.

 


 

This is a security risk because users can see the FortiGate IP address. To fix this, set the portal address to a random IP address that is not used in the network environment, and also enable auth-secure-http.

 

config firewall auth-portal
    set portal-addr "172.16.17.18"
end

 

config user setting
    set auth-cert "Fortinet_Factory"
    set auth-ca-cert "Fortinet_CA_SSL"
    set auth-secure-http enable
end

 

After making the above changes, when a user tries to log in, the FortiGate presents the spoofed IP address in the captive portal instead of its own.
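
To confirm the change survives in a configuration backup, the two settings above can be checked offline. The script below is an added example, not part of the original article or Fortinet tooling; the function names, the sample backup and the port1 address are constructed, and it assumes a setting absent from the backup counts as not enabled.

```python
import shlex

# Constructed sample backup (not from the article); the port1 address is made up.
SAMPLE = '''
config system interface
    edit "port1"
        set ip 192.168.1.99 255.255.255.0
    next
end
config firewall auth-portal
    set portal-addr "172.16.17.18"
end
config user setting
    set auth-secure-http enable
end
'''

def parse_settings(text):
    """Map config path -> edit name (None outside 'edit') -> {key: [values]}."""
    out, stack = {}, []  # stack entries: [section name, current edit name]
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw) or [""]
        except ValueError:  # unbalanced quote: multi-line value, skipped here
            continue
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and stack and len(tok) > 1:
            stack[-1][1] = tok[1]
        elif tok[0] == "set" and stack and len(tok) > 1:
            path = "/".join(s[0] for s in stack)
            out.setdefault(path, {}).setdefault(stack[-1][1], {})[tok[1]] = tok[2:]
    return out

def audit_portal(text):
    """Return findings for the two settings the article changes (assumed checks)."""
    cfg = parse_settings(text)
    def first(path, key):  # first value of a top-level setting, "" if absent
        return (cfg.get(path, {}).get(None, {}).get(key) or [""])[0]
    addr, secure = first("firewall auth-portal", "portal-addr"), first("user setting", "auth-secure-http")
    # Interface addresses already in use on the FortiGate itself.
    iface_ips = {e["ip"][0] for e in cfg.get("system interface", {}).values() if e.get("ip")}
    checks = [(not addr, "portal-addr is not set"),
              (addr in iface_ips, f"portal-addr {addr} is an interface address"),
              (secure != "enable", "auth-secure-http is not enabled")]
    return [msg for failed, msg in checks if failed]
```

An empty list from audit_portal means the portal address is set, is not one of the FortiGate's own interface addresses, and auth-secure-http is enabled.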

 
