NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Article Id 192630


This article describes that Captive Portal page is slow to build when Portal is secured with SSL Certificate.

If the Captive Portal is secured using a third party SSL Certificate, browsers need to be able to validate the authenticity of that certificate. 

This is done using CRL and OCSP protocols and requires external network access to various Certificate Authority (CA) sites.  

NAC acts as the DNS server for hosts in isolation (Registration, Remediation,etc). 

Therefore, it is important that certain domains are able to resolve while in isolation. 

Otherwise, certificate validation will fail to complete. 

This can cause the page to be very slow to build, or not build at all (depending upon the web browser and its security settings). 

To verify whether or not the Portal is using a Third Party SSL Certificate:

Login to the Administration UI.
For version 8.x: 
Got to System -> Security Settings -> Portal SSL.
For version 9.x: 
Go to Portal -> Portal SSL.



To provide appropriate IP resolution to isolated devices for completing SSL certificate authentication, the Allowed Domains List may need to be updated to include the appropriate domains.  
To identify domains that may need to be added, refer to the related KB article: