Technical Tip: Trigger a captive portal only when specific websites are accessed while blocking access to all other websites

raksshaya · ‎12-20-2024

Description

This article describes how to configure FortiGate to trigger a captive portal only when specific websites are accessed, ensuring that the portal does not appear during general internet usage.

Scope

FortiGate.

Solution

Create web rating override:

Go to Security Profiles -> Web Rating Overrides -> Create new.
Enter the URL and override to Custom Categories, sub-Category custom1.
Enter all the specific URLs that should prompt the captive portal and change the category to Custom.

Screenshot 2024-12-20 170711.png

Web Profile.
- Go to Security Profiles -> Web Filter -> Create new.
- Select anywhere on the category and ctrl + A to select all categories and set action Block to block all the websites.
- Set custom1 action to Authenticate.
- Specify the user group who can access that website.
Policy:
- Go to Policy & Objects -> Firewall policy.
- Add the newly created web filter profile to the relevant policy and configure SSL inspection as Deep Inspection.
- Download the Deep inspection certificate to the local machine.
- Save the policy.
The authentication will work in Webfilter. Proxy based and the firewall policy is proxy based.
Download the certificate:
- Go to Policy -> SSL inspection -> Edit.
- Download the certificate.
- Open the downloaded file .cer.
- Select Install the certificate.
- Select Local machine.
- Select 'Place all certificates in the following store' and Browse the 'Trusted Root Certificate Authorities' folder.
- Select finish.
- Note if the import is successful.

Technical Tip: Trigger a captive portal only when specific websites are accessed while blocking access to all other websites

You are leaving our website