Description
This article describes how to point the same FQDN to two or more SSID captive portals that have different interface IPs. End users see only the FQDN as the captive portal address, instead of the interface IP, on each of the SSIDs deployed in the network.
Scope
FortiGate with a managed FortiAP connected to the unit and two tunnel-mode SSIDs configured (testcaptive and testcaptive2). Both SSIDs have a captive portal for authentication, with different interface IPs resolving to the same FQDN.
| SSID | INTERFACE IP |
| --- | --- |
| TestCaptive | 192.164.1.1 |
| TestCaptive2 | 192.168.144.1 |
Solution
1) Set up the firewall auth-portal address from the CLI of the FortiGate:
# config firewall auth-portal
set portal-addr "portal.example.org"
end
2) Set up the SSIDs in the WiFi & Switch Controller section. Follow the article linked under 'Related document' below to configure the SSIDs.
3) Once the SSIDs are created, make sure the DNS Server option under DHCP Server is set to Same as Interface IP.
4) The Security mode settings of the SSIDs can have the authentication type as local or External and the user group defined (if needed).
5) Enable the DNS database from Feature Visibility if it is not already enabled. Open the System -> Feature Visibility screen and enable DNS Database. Select Network -> DNS Servers. Set up the DNS Service on the interface: select 'Create New', select the interface, and set the mode to Recursive.
Repeat this for the other SSID (or SSIDs, if more than one is present) as well.
6) Add the entry for 'portal.example.org' in the DNS Database. Select Network -> DNS Servers -> DNS Database -> Create New. Fill out the DNS Zone details as below:
Add two entries for the respective SSID interface IPs. Select 'Create New' under DNS database and fill out the details as follows:
Replicate the same for the Interface IP of the other SSID:
7) When connected to either of the SSIDs (captivetest and captivetest2), the authentication page should show portal.example.org in both cases:
OUTPUT connecting to testcaptive:
OUTPUT when connecting to captivetest2
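A CLI sketch of steps 5 and 6, added here as an example and not taken from the original article. Assumptions: the zone name "portal-zone", the split of the FQDN into host "portal" and domain "example.org", the entry IDs, and the use of the SSID names from the Scope table as interface names. The lines starting with # are annotations and should be dropped before pasting.

```text
# Step 5: DNS service in recursive mode on each SSID interface
# (interface names assumed to match the SSID names in the Scope table)
config system dns-server
    edit "TestCaptive"
        set mode recursive
    next
    edit "TestCaptive2"
        set mode recursive
    next
end

# Step 6: one zone holding an A record per SSID interface IP
# (zone name and domain/hostname split are assumed values)
config system dns-database
    edit "portal-zone"
        set domain "example.org"
        config dns-entry
            edit 1
                set type A
                set hostname "portal"
                set ip 192.164.1.1
            next
            edit 2
                set type A
                set hostname "portal"
                set ip 192.168.144.1
            next
        end
    next
end
```

After applying it, `show system dns-database` should list both A records under the zone.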
Related document:
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/15882/creating-an-ssid