Technical Tip: Multiple addresses for the authentication portal

This article describes the improvement, which was implemented and allows the configuration of multiple addresses for the authentication portal.

FortiOS 7.0.6 and newer versions.

Previous versions of the FortiOS did not allow configuring multiple addresses for the authentication portal.

It was possible to configure the address for the authentication portal globally:

# config firewall auth-portal

    set portal-addr "fgt.test.lab"

end

Starting from FortiOS 7.0.6, an improvement was implemented so the addresses for the authentication portal can also be configured under the interface(s), which are configured as a captive portal.

An example below:

    edit "port2"

        set vdom "root"

        set ip 192.168.100.1 255.255.255.0

        set allowaccess ping https http

        set type physical

        set security-mode captive-portal ß

        set auth-portal-addr "fgt.captive1.test.lab"

        set snmp-index 2

    next

    edit "port3"

        set vdom "root"

        set ip 192.168.200.1 255.255.255.0

        set allowaccess ping https http

        set type physical

        set security-mode captive-portal ß

        set auth-portal-addr "fgt.captive2.test.lab"

        set snmp-index 3

    next

As a result, now the captive portal configured on two interfaces can have separate addresses of the authentication portals, which will be resolved according to the IP address of the interface.