Captive Portal Auth but Login to FortiGate Instead 7.0.6
Dear Community,
I experience this weird issue when upgrading to 7.0.6
Here, basically, any user trying to reach the internet needs to authenticate with the active captive portal; the user is redirected to http://fgtIPorfgtDomain:1000?tokenxxxxx
or
https://fgtIPorfgtDomain:1003?tokenxxxxx
depending on whether you have HTTP or HTTPS.
The weird thing is, it shows the FortiGate admin login page instead of the FortiGate captive portal authentication page, and the weirdest thing of all is that the user is able to log in, authenticate and enter the FortiGate admin page via the existing configured LDAP.
That user is nowhere in the administrators.
I took notice when a user resolved the IP (because we use a domain when the captive portal shows up) to the FortiGate, which had https, http, ping and ssh enabled in its administrative access, and immediately disabled the https, http and ssh access.
Has the community ever experienced this?
Best regards.
FWD~
Labels: FortiGate
Hello fiesta,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello fiesta,
I am still looking for an answer to your question.
Meanwhile, could you please check this document?:
Regards,
I have read it; it doesn't seem to mention captive portal in the known issues, which is the same as my case. Probably not listed, or maybe not yet known.
Best regards.
That seems like some very unfortunate misconfiguration. I would suggest checking the following:
1. Which ports are used for admin access:
get sys global | grep "admin-port\|admin-sport"
2. Check for any VIPs that might accidentally be redirecting ports 1000/1003 to 80/443:
show firewall vip:
show fire vip | grep -f extport
Lastly, if an arbitrary LDAP user is able to log into the admin GUI, make sure to review all LDAP groups referenced in your administrator configs. This sounds like one of these groups is very permissive (perhaps matching anyone in that LDAP?).
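The three checks in the answer above can be run offline against a saved configuration dump instead of one `grep` at a time. The script below is an added example and is not part of the thread or of Fortinet's tooling: it parses a constructed, FortiOS-style `config`/`edit`/`set` text and reports (1) admin-port/admin-sport values that coincide with the captive portal ports (the `auth-http-port`/`auth-https-port` settings under `config system global`, whose defaults 1000/1003 are the ports seen in the redirect), (2) VIPs whose `extport` is 1000 or 1003, and (3) remote (LDAP) administrator entries with `wildcard enable`, which accept any user of the referenced group. The sample config is made up for the demonstration; the collision, the VIP and the wildcard admin in it are deliberately planted so each check has something to find.

```python
"""Offline audit of a FortiOS-style config dump for the three checks in the
thread: admin ports vs captive portal ports, VIPs on ports 1000/1003, and
wildcard remote administrators.  SAMPLE_CONFIG is constructed for this
example and is not taken from any real device."""
import shlex
from collections import defaultdict

SAMPLE_CONFIG = """\
config system global
    set admin-port 1000
    set admin-sport 443
    set auth-http-port 1000
    set auth-https-port 1003
end
config firewall vip
    edit "vip-web"
        set extip 203.0.113.10
        set extport 1003
        set mappedport 443
    next
    edit "vip-mail"
        set extip 203.0.113.11
        set extport 25
        set mappedport 25
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "ldap-admins"
        set remote-auth enable
        set accprofile "super_admin"
        set wildcard enable
        set remote-group "Domain Users"
    next
end
"""


def parse_config(text):
    """Parse flat config/edit/set/next/end blocks into
    {section: {entry_name: {key: [values]}}}.  'set' lines that sit directly
    under a section (no 'edit') are stored under the entry name None."""
    sections = defaultdict(dict)
    stack = []      # enclosing section names, innermost last
    entry = None    # current 'edit' name, or None
    for raw in text.splitlines():
        tokens = shlex.split(raw.strip())   # honours the quoted names
        if not tokens:
            continue
        kw, args = tokens[0], tokens[1:]
        if kw == "config":
            stack.append(" ".join(args))
            entry = None
        elif kw == "edit":
            entry = args[0]
            sections[stack[-1]].setdefault(entry, {})
        elif kw == "set":
            sections[stack[-1]].setdefault(entry, {})[args[0]] = args[1:]
        elif kw == "next":
            entry = None
        elif kw == "end":
            stack.pop()
            entry = None
    return sections


def check_admin_vs_portal_ports(cfg):
    """Check 1: admin GUI ports must not coincide with the captive portal ports."""
    g = cfg["system global"].get(None, {})

    def port(key, default):
        return int(g.get(key, [default])[0])

    admin = {"admin-port": port("admin-port", 80),
             "admin-sport": port("admin-sport", 443)}
    portal = {"auth-http-port": port("auth-http-port", 1000),
              "auth-https-port": port("auth-https-port", 1003)}
    return [f"{ak} ({av}) collides with {pk}"
            for ak, av in admin.items() for pk, pv in portal.items() if av == pv]


def check_vips_on_portal_ports(cfg, portal_ports=(1000, 1003)):
    """Check 2: any VIP whose external port is a captive portal port."""
    findings = []
    for name, attrs in cfg.get("firewall vip", {}).items():
        extport = attrs.get("extport")
        if name is not None and extport and int(extport[0]) in portal_ports:
            mapped = attrs.get("mappedport", ["?"])[0]
            findings.append(f"VIP {name}: extport {extport[0]} -> mappedport {mapped}")
    return findings


def check_wildcard_remote_admins(cfg):
    """Check 3: remote-auth admin entries with wildcard enabled admit every
    member of the referenced group, so review the group they point at."""
    findings = []
    for name, attrs in cfg.get("system admin", {}).items():
        if name is None:
            continue
        if attrs.get("remote-auth") == ["enable"] and attrs.get("wildcard") == ["enable"]:
            group = attrs.get("remote-group", ["?"])[0]
            profile = attrs.get("accprofile", ["?"])[0]
            findings.append(f"admin {name}: wildcard remote auth via group {group}, profile {profile}")
    return findings


def audit(text):
    """Run all three checks; each value is a list of findings (empty = clean)."""
    cfg = parse_config(text)
    return {
        "admin_port_collisions": check_admin_vs_portal_ports(cfg),
        "vips_on_portal_ports": check_vips_on_portal_ports(cfg),
        "wildcard_remote_admins": check_wildcard_remote_admins(cfg),
    }


if __name__ == "__main__":
    for check, findings in audit(SAMPLE_CONFIG).items():
        print(check, findings or "ok")
```

Feed it the text of a `show full-configuration` dump instead of `SAMPLE_CONFIG` to run the same checks on a real unit; the parser only handles flat blocks, so nested `config` sub-tables inside an `edit` are read but not attributed to their parent entry.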
