Bridge Guest SSID on fortigate with external captive portal authentication on clearPass issue

Aghiles · ‎02-13-2025

Hi guys,

I am configuring a Guest SSID in Bridge mode on fortigate (FortiAP) with external captive portal authentication on aruba clearpass.

The redirection to the captive portal works correctly. Authentication works on some devices and some browsers, credentials are sent in https Post and requests are processed correctly by Aruba clearpass.

However, on some devices, authentication does not work and credentials are not sent to Clearpass.

Has anyone encountered this problem?

Best regards

Aghiles DO

jiahoong112 · ‎02-15-2025

Kindly follow the document here to run a wireless client debug on the Fortigate which is the FortiAP's wlc: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Debugging-a-wireless-client-connecti...

When reproducing the issue, simultaneously run a debug or packet capture on Clearpass to see whether the authentication packets are reaching Clearpass or not. If you are connected to Clearpass over an ipsec tunnel, fragmentation can occur which causes authentication to fail. When this happens, you'd want to configure pre-encapsulation on the ipsec tunnel: https://community.fortinet.com/t5/FortiGate/Technical-Tip-IP-Packet-fragmentation-over-IPSec-tunnel/...

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**

Bridge Guest SSID on fortigate with external captive portal authentication on clearPass issue

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website