FortiGate
caunon
Staff
Article Id 424938
Description

This article describes a situation on a FortiGate with Explicit Proxy and Authentication Rules configured where HTTPS websites do not display the login pop-up page for user authentication.

Scope

FortiGate v7.4.5.

Solution
  1. After configuring Explicit Proxy and Authentication Rules on FortiGate, HTTPS websites do not display the login pop-up page for user authentication. The issue occurs after upgrading FortiOS to v7.4.5 build2702.

  2. Configure FortiGate with Explicit Proxy and Authentication Rules as shown below.

config system settings
    set gui-proxy-inspection enable
    set gui-explicit-proxy enable
    set gui-allow-unnamed-policy enable
end

config web-proxy explicit
    set status enable
    set http-incoming-port 8080
    set https-incoming-port 8080
end

config web-proxy global
    set proxy-fqdn "default.fqdn"
end

config system interface
    edit "port1"
        set vdom "root"
        set ip 10.45.4.159 255.255.240.0
        set allowaccess ping https ssh http telnet fgfm
        set type physical
        set snmp-index 1
    next
    edit "port5"
        set vdom "root"
        set ip 10.195.4.195 255.255.240.0
        set allowaccess ping https ssh http telnet fgfm
        set type physical
        set explicit-web-proxy enable
        set proxy-captive-portal enable
        set snmp-index 5
    next
end

config authentication scheme
    edit "testScheme1"
        set method basic
        set user-database "local-user-db"
    next
end

config authentication setting
    set active-auth-scheme "testScheme1"
    set update-time 2025-01-02 22:33:35
    set captive-portal-type ip
end

config authentication rule
    edit "testAuthen1"
        set srcintf "port5"
        set srcaddr "all"
        set active-auth-method "testScheme1"
    next
    edit "testAuthen2SocSec"
        set protocol socks
        set srcintf "port5"
        set srcaddr "all"
        set active-auth-method "testScheme1"
    next
end

config firewall proxy-policy
    edit 1
        set name "TestExplicit1"
        set proxy explicit-web
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"
        set groups "group1"
    next
end

  3. When users access an HTTP website, the login pop-up page appears and prompts for the username and password.


When users access HTTPS websites, the login pop-up page does not appear. As a result, users can access HTTPS websites without entering a username or password.

 

To fix this:

This problem is related to a known issue (ID: 1116834). To fix it, upgrade the FortiGate firmware to v7.4.9 or higher.
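To confirm the behavior before and after the upgrade, the following added example (not Fortinet code and not part of the original article) sends a single unauthenticated CONNECT to the explicit proxy and classifies the reply. It assumes that a proxy enforcing basic authentication answers with 407 Proxy Authentication Required; the function names, the example.com target and the sample replies are constructed for illustration.

```python
import socket

# Constructed sample replies (not captured from a real FortiGate).
SAMPLE_CHALLENGE = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                    b'Proxy-Authenticate: Basic realm="constructed"\r\n\r\n')
SAMPLE_OPEN = b"HTTP/1.1 200 Connection established\r\n\r\n"


def classify_connect_reply(raw: bytes) -> str:
    """Classify a proxy's reply to a CONNECT that carried no credentials."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "inconclusive"
    status = int(parts[1])
    header_names = {ln.partition(":")[0].strip().lower() for ln in lines[1:]}
    # Assumption: a working basic-auth proxy challenges with 407 (RFC 9110).
    if status == 407 and "proxy-authenticate" in header_names:
        return "challenged"
    # A 2xx means the tunnel opened with no credentials: the symptom above.
    if 200 <= status < 300:
        return "tunnel-open-without-auth"
    return "inconclusive"  # e.g. 403 policy deny, redirect, or malformed reply


def probe(proxy_host: str, proxy_port: int = 8080,
          target: str = "example.com:443", timeout: float = 5.0) -> str:
    """Send one unauthenticated CONNECT to the proxy and classify the reply.

    Run from a client IP with no existing authenticated session: the config
    uses captive-portal-type ip, assumed here to track users per source IP.
    """
    request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(request)
        raw = b""
        while b"\r\n\r\n" not in raw and len(raw) < 65536:
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    return classify_connect_reply(raw)


if __name__ == "__main__":
    for name, sample in (("challenge", SAMPLE_CHALLENGE), ("open", SAMPLE_OPEN)):
        print(name, "->", classify_connect_reply(sample))
```

Calling probe("10.195.4.195") targets the port5 proxy address and port 8080 from the configuration above; a result of "tunnel-open-without-auth" matches the symptom described, and "challenged" is the expected result once authentication is enforced for HTTPS.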
