branch user --> 80F FW ==> IPSEC VPN ==> 1100E FW ==> Captive Portal ==> Internet
Common issue with the example scenario:
A common issue when configuring Captive Portal for this sample scenario is that Captive Portal does not work perfectly for vpn users behind 80F FW that come over the site-to-site IPSec vpn to the 1100E FW in order to access the internet. Common symptoms are:
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
Regarding this:
Is it only about image not being appearing perfectly or the user does not get to authenticate as well?
If it is about imperfection in the image, please try to inspect by right-clicking on the browser and check under the network tab, reload the page and check if you see any error per se.
Personally I'm not a big fanboy of a Captive Portals, unless they are there for some reason like Disclaimer page, or email collector on FGT. Especially as they usually affect all the traffic passing through interface and handling exceptions is a bit painful. So I prefer per-policy identity and authentication handling. Which allows me to use stuff like FSSO, auth session inheritance for eg. from VPN so user do not need to authenticate multiple times, etc.
Another thing is that Captive portals are usually on ingress side (as below) not on egress.
Users - PC - Captive portal - interface - FGT...
Not sure I'd clearly connect missing images to captive portal. How about to have some more solid proof via debug, at least something like 'flow debug'. Which could be even filtered to specific site or image source, in case the issue is at least somehow reproducible and not completely random and intermittent.
If you have some evidence, then I'd suggest to open TAC ticket on it.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1519 | |
1019 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.