Dear Community,
I experienced this weird issue when upgrading to 7.0.6.
Here, basically, any user who needs to authenticate with the active captive portal when trying to go to the internet will be redirected to http://fgtIPorfgtDomain:1000?tokenxxxxx
or
https://fgtIPorfgtDomain:1003?tokenxxxxx
depending on whether you have HTTP or HTTPS.
The weird thing is, it shows the FortiGate admin login page instead of the FortiGate captive portal authentication page, and the weirdest of all is that the user is able to log in, authenticate, and enter the FortiGate admin page via the existing configured LDAP.
That user is nowhere in administrator.
I took notice when a user resolved the IP (because we are using a domain when the captive portal shows up) to the FortiGate, which had https, http, ping, and ssh enabled in its administrative access, and I immediately disabled the https, http, and ssh access.
Has the community ever experienced this?
Best regards.
FWD~
Hello fiesta,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello fiesta,
I am still looking for an answer to your question.
Meanwhile, could you please check this document?:
Regards,
I have read it. It doesn't seem to mention captive portal in the known issues, which is the same as my case; probably not listed or maybe not yet known.
Best regards.
That seems like some very unfortunate misconfiguration. I would suggest checking the following:
1. Which ports are used for admin access:
get sys global | grep "admin-port\|admin-sport"
2. Check for any VIPs that might accidentally be redirecting ports 1000/1003 to 80/443:
show firewall vip:
show fire vip | grep -f extport
Lastly, if an arbitrary LDAP user is able to log into the admin GUI, make sure to review all LDAP groups referenced in your administrator configs. This sounds like one of these groups is very permissive. (perhaps matching anyone in that LDAP?)
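The three checks suggested in the reply above can also be run offline against a saved configuration backup. The following is an added example, not code from the thread or from Fortinet; it assumes the FortiOS defaults of 80/443 for the admin GUI and 1000/1003 for the captive portal when `admin-port`/`admin-sport` and `auth-http-port`/`auth-https-port` are not set, treats a `wildcard` admin entry as the "very permissive" case, and uses constructed sample data.

```python
# Constructed fragment of a FortiOS config backup (sample data, not from the thread).
SAMPLE = """config system global
    set admin-sport 443
end
config firewall vip
    edit "portal-fwd"
        set extport 1000-1003
        set mappedport 443
    next
end
config system admin
    edit "ldap-admins"
        set wildcard enable
        set remote-group "all-ldap"
    next
end"""

def parse(text):
    """Return {section: {entry: {key: value}}}; settings outside an edit use entry ''."""
    tree, section, entry, depth = {}, None, "", 0
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks (depth > 1) are skipped
                section, entry = " ".join(tok[1:]), ""
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = " ".join(tok[1:]).strip('"')
        elif depth == 1 and tok[0] == "set":
            tree.setdefault(section, {}).setdefault(entry, {})[tok[1]] = " ".join(tok[2:]).strip('"')
    return tree

def audit(text):
    tree, found = parse(text), []
    glob = tree.get("system global", {}).get("", {})
    admin = {glob.get("admin-port", "80"), glob.get("admin-sport", "443")}
    portal = {glob.get("auth-http-port", "1000"), glob.get("auth-https-port", "1003")}
    found += [f"admin GUI shares portal port {p}" for p in sorted(admin & portal)]
    for name, vip in tree.get("firewall vip", {}).items():
        lo, _, hi = vip.get("extport", "0").partition("-")  # single port or lo-hi range
        hit = any(int(lo) <= int(p) <= int(hi or lo) for p in portal)
        if hit and vip.get("mappedport") in admin:
            found.append(f"VIP {name}: extport {vip['extport']} -> admin port {vip['mappedport']}")
    for name, adm in tree.get("system admin", {}).items():
        if adm.get("wildcard") == "enable":
            found.append(f"wildcard admin {name}: remote group {adm.get('remote-group')}")
    return found
```

Calling `audit(SAMPLE)` returns one finding for the VIP and one for the wildcard admin entry; an empty list means none of the three conditions was found in the backup.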