FortiGate
hazim
Staff
Article Id 225870

Description

 

This article describes how to create a captive portal in FortiGate to authenticate users accessing the network.

It also shows the redirect functionality that is commonly used together with the captive portal.

 

Scope

 

FortiGate v6.4 and above

 

Solution

 

Go to Policy & Objects -> Firewall Policy and select 'Create new/Edit'.

 

Enable the following features:

 

  1. Assign the user/group and the address object in the source section. Use the 'all' address object if there is no need to specify particular IP addresses. In the example below, "ami" is the name of the user/group.

config firewall policy
    edit 1
        set name "example-policy"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set users "ami"
        set disclaimer enable
        set auth-cert "Fortinet_CA_SSL"
        set nat enable
        set redirect-url "www.fortinet.com"
    next
end

 


 

  2. (Optional) Enable the disclaimer in the policy using the CLI:

config firewall policy
    edit <x>
        set disclaimer enable
    next
end

 


 

  3. Redirect to a specific website after user authentication. Note that this option is available only when the disclaimer option from step 2 is turned on.

config firewall policy
    edit <x>
        set disclaimer enable
        set redirect-url "www.fortinet.com"
    next
end

 


 

After authentication, the page redirects to www.fortinet.com, as configured in the CLI.
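To check a saved configuration against the steps above, the following added example (not part of the original article and not Fortinet code) parses the 'config firewall policy' section of a plain-text backup and flags policies where redirect-url is set without the disclaimer, or where no user/group is assigned. The sample configuration is constructed, the function names are hypothetical, and the parser assumes no nested config blocks inside the policy section.

```python
import re

# Constructed sample of a configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set users "ami"
        set disclaimer enable
        set redirect-url "www.fortinet.com"
    next
    edit 2
        set users "ami"
        set redirect-url "www.fortinet.com"
    next
    edit 3
        set srcaddr "all"
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {option: value}} for the 'config firewall policy' section."""
    policies, current, in_section = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_section = True
        elif in_section and line == "end":
            in_section = False
        elif in_section and (m := re.fullmatch(r"edit (\d+)", line)):
            current = policies.setdefault(int(m.group(1)), {})
        elif in_section and line == "next":
            current = None
        elif in_section and current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return policies

def audit(policies):
    """Flag policies whose settings conflict with the steps described above."""
    findings = []
    for pid, opts in sorted(policies.items()):
        # Step 3: redirect-url is only available when the disclaimer is enabled.
        if "redirect-url" in opts and opts.get("disclaimer") != "enable":
            findings.append((pid, "redirect-url set without disclaimer enable"))
        # Assumption: 'groups' is the user-group counterpart of 'users'.
        if "users" not in opts and "groups" not in opts:
            findings.append((pid, "no user/group assigned in the policy"))
    return findings
```

Call `audit(parse_policies(text))` on the contents of a backup file; an empty list means every policy in the section has a user/group assigned and no redirect-url without the disclaimer.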

 

Related articles:

Technical Tip: Enabling and using the admin disclaimer page

Technical Tip: Configuring a disclaimer page on a FortiGate firewall policy

Technical Tip: Editing a disclaimer page to open another web page after selecting the 'Yes, I agree'...

Technical Tip: FortiGate explicit proxy disclaimer

Technical Tip: How to configure different disclaimer for each protected domain