Created on 10-06-2022 02:01 AM Edited on 09-29-2024 09:24 PM By Anthony_E
Description
This article describes an improvement that allows multiple addresses to be configured for the authentication portal.
Scope
FortiGate v7.0.6 and newer versions.
Solution
Previous versions of FortiOS did not allow configuring multiple addresses for the authentication portal.
It was possible to configure the address for the authentication portal globally:
config firewall auth-portal
    set portal-addr "fgt.test.lab"
end
The FQDN is used when the captive portal uses a secure-redirect to the FortiGate interface on port 1003, encrypting the connection with TLS (HTTPS). Unencrypted HTTP captive portals on FortiGate do not require it, although some browsers may show a warning that the traffic will be transmitted over an insecure connection. The encrypted variant avoids that warning, but requires an FQDN that is covered by the SubjectAlternativeName of the HTTPS certificate used in the Authentication settings on FortiGate.
Starting from FortiOS 7.0.6, the address for the authentication portal can also be configured on each interface that is configured as a captive portal. For example:
config system interface
    edit "port2"
        set vdom "root"
        set ip 192.168.100.1 255.255.255.0
        set allowaccess ping https http
        set type physical
        set security-mode captive-portal
        set auth-portal-addr "fgt.captive1.test.lab"
        set snmp-index 2
    next
    edit "port3"
        set vdom "root"
        set ip 192.168.200.1 255.255.255.0
        set allowaccess ping
        set type physical
        set security-mode captive-portal
        set auth-portal-addr "fgt.captive2.test.lab"
        set snmp-index 3
    next
end
As a result, captive portals configured on two interfaces can have separate authentication portal addresses, which will be resolved according to the IP address of the interface.
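With one portal FQDN per interface, each name has to be covered by the certificate's SubjectAlternativeName and resolve to its own interface IP. The following is an added example, not Fortinet code: the helper names, the SAN list and the DNS mapping passed to `audit` are assumptions supplied by the operator, and wildcard matching uses the common rule that `*` stands for exactly one leftmost label.

```python
import shlex
# Constructed sample: the two captive-portal interfaces from the article, trimmed.
SAMPLE_CONFIG = '''
config system interface
    edit "port2"
        set ip 192.168.100.1 255.255.255.0
        set security-mode captive-portal
        set auth-portal-addr "fgt.captive1.test.lab"
    next
    edit "port3"
        set ip 192.168.200.1 255.255.255.0
        set security-mode captive-portal
        set auth-portal-addr "fgt.captive2.test.lab"
    next
end
'''

def parse_interfaces(text):
    """Return {interface name: {setting: [values]}} for each 'edit' block."""
    interfaces, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["edit"]:
            current = interfaces.setdefault(tokens[1], {})
        elif tokens[:1] == ["next"]:
            current = None
        elif tokens[:1] == ["set"] and current is not None:
            current[tokens[1]] = tokens[2:]
    return interfaces

def san_covers(fqdn, san):
    """Exact match, or a wildcard standing for exactly one leftmost label."""
    fqdn, san = fqdn.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        return fqdn.partition(".")[2] == san[2:]
    return fqdn == san

def audit(text, sans, dns):
    """Flag portal FQDNs the certificate SANs miss or DNS maps to another IP."""
    findings = []
    for name, cfg in parse_interfaces(text).items():
        fqdn, ip = (cfg.get(k, [None])[0] for k in ("auth-portal-addr", "ip"))
        if cfg.get("security-mode") != ["captive-portal"] or fqdn is None:
            continue
        if not any(san_covers(fqdn, s) for s in sans):
            findings.append((name, f"{fqdn} not covered by certificate SAN"))
        if dns.get(fqdn) != ip:
            findings.append((name, f"{fqdn} does not resolve to {ip}"))
    return findings
```

A certificate with only `*.test.lab` as SAN covers neither portal name in the sample, because each name has two labels in front of `test.lab`.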
Separate authentication portals can be set on SSID interfaces too, as shown below.
config wireless-controller vap