Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rvillegas
New Contributor

WIFI prompting with captive portal while set to WPA2-Personal

Hello all,

I have a client where WIFI is prompting as though captive portal is enabled while set to WPA2-Personal.

We've updated both firewall and APs to the most recent version 7.2, to no avail.
Next attempts will be a downgrade to observe if the issue persists on 7.0

I will be happy to add details or information as needed. Hoping someone can help.

**EDIT**

This issue started last Friday 11/4 (no changes or updates that we are aware of)

Current config:
config wireless-controller vap
edit "guest-test"
set ssid "testSSID"
set passphrase ENC 
set intra-vap-privacy enable
set schedule "always"
next
end

rvillegas_0-1668180541171.png


image.png

1 Solution
ebilcari

If you create a new SSID with similar configurations (PSK only) will it still present the captive portal to the users? If the new SSID works ok, you can try to delete this one and re-create the same SSID from scratch.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

6 REPLIES 6
ebilcari
Staff
Staff

There is a Security mode "WPA2 Personal with Captive Portal". You can check it under Wifi & Swtich Controller> SSIDs> (select SSID) under Wifi Settings.

The users can join using the PSK and after that being presented with a disclaimer or a second layer of authentication.

You can [Edit in CLI] to verify if there is any wrongly extra command that you can remove:

~

config wireless-controller vap
edit "PSK-MAC"
set ssid "PSK-MAC"
set security wpa2-only-personal+captive-portal
set passphrase ENC 
set portal-type disclaimer
set schedule "always"
next

~

set security wpa2-only-personal

unset portal-type

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
rvillegas

Thank you for your reply. The issue is that we do not want a captive portal and it is not set as such. I have added my config to the original post.

ebilcari

If you create a new SSID with similar configurations (PSK only) will it still present the captive portal to the users? If the new SSID works ok, you can try to delete this one and re-create the same SSID from scratch.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
rvillegas

Thank you! The new SSID is working properly.

pminarik
Staff
Staff

I'll add two additional cases that can result in captive portal being shown:

1, SSID is in bridge mode and the actual FortiGate interface that receives the traffic has a captive portal enabled.

2, The firewall policy processing the relevant traffic (e.g. SSID->internet) requires authentication (e.g. LDAP, RADIUS, local user; not FSSO/RSSO/WSSO)

 

Consider checking these as well.

[ corrections always welcome ]
rvillegas

Thank you for your reply - the SSID is in tunnel mode, I have added config and screenshot to original post. 

Labels
Top Kudoed Authors