Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Sathapon_SS
New Contributor II

FAC Captive Portal with http

Hi,

 

I have a question about FAC as below.
1. I want to set Captive Portal on FAC as HTTP. but I found only HTTPS service on network setting. Can I set Captive Portal as HTTP?
2. Can FAC Provide a logout page after done login page?

 

My Network Diagram
Computer (wired) > Fortigate(Point External Portal to FAC)> FAC that provide Captive Portal.

 

Thank you.

1 Solution
bpozdena_FTNT

Hi Sathapon_SS,

 

1)Yes you can, but you probably shouldn't. If you for some reason must expose user credentials into the air, just enable HTTP service under your FAC interface and then point Fortigate external captive portal URL to  http://<FAC_IP>/portal/ .

 

2)You could technically logout on FAC, but it would not log you out on Fortigate unless you configure RADIUS CoA or implement your own solution via API. What you are probably looking for is a keep-alive page on Fortigate.  The keep-alive replacement page can even be customized based on your needs.

 

You could also host your own page externally and redirect to it. The page could have a logout link with  http://<Fortigate_IP/FQDN>:1000/logout? or https://<Fortigate_IP/FQDN>:1003/logout? .

 

HTH,

Boris

View solution in original post

2 REPLIES 2
bpozdena_FTNT

Hi Sathapon_SS,

 

1)Yes you can, but you probably shouldn't. If you for some reason must expose user credentials into the air, just enable HTTP service under your FAC interface and then point Fortigate external captive portal URL to  http://<FAC_IP>/portal/ .

 

2)You could technically logout on FAC, but it would not log you out on Fortigate unless you configure RADIUS CoA or implement your own solution via API. What you are probably looking for is a keep-alive page on Fortigate.  The keep-alive replacement page can even be customized based on your needs.

 

You could also host your own page externally and redirect to it. The page could have a logout link with  http://<Fortigate_IP/FQDN>:1000/logout? or https://<Fortigate_IP/FQDN>:1003/logout? .

 

HTH,

Boris

Sathapon_SS

Hi @bpozdena_FTNT ,

 

Thank you for the answer.