Hello,
We have a new FG-60F connected to FortiAPs. We're using FortiOS 7.2.3 (latest
We have created a standard corporate SSID for staff, which works fine.
We want to also host a "Guests" SSID which uses a captive portal with email collection.
We have followed the guide at How to create a Guest SSID Network on FortiAP/FortiGate with Captive Portal+Email Collection - YouTu..., including the changes on the CLI and creating a firewall policy.
We have also created a custom captive portal page (at this point we just changed the logo)
We can get to the stage where a client joins the SSID, is presented with the captive portal page, can tick the disclaimer and enter their email address, but then when they submit the page, the web browser just redirects back to the captive portal.
We've tried rebooting the FortiGate, the client machine, "forgetting" the SSID and re-joining from fresh, but this keeps happening.
Has anyone seen this before? What might be going on here?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I think I got to the bottom of this.
For testing, I was submitting an email address of xxx@test.com. The FortiGate was failing to validate the email account (understandably), but the FortiGate's default page for failed emails is exactly the same as the first email collection page, which was causing the confusion.
It appears to be working by submitting a valid email. Hurrah.
He hgl-it.
Why is understandably that the FGT is failling to validate the email account of your Guests users. How did you add the guess user domains so that fortigate could validate them correctly?
What should a valid email for the FGT be like?
Thanks.
Just to be clear.
The FGT performs a valid authentication if the email domain and MX records of the email domain being used for authentication are reached and resolved by the DNS that the FGT is currently using. If the FGT is using private DNS, these must be able to resolve the email domain and the MX records that correspond to this domain.
Are the DNS settings correct on the FGT?
Is there a valid route which will allow the FGT to reach the DNS servers?
DNS settings on the FGT must be correct to reach the email DNS.
There must be a valid route that allows the FGT to reach the email DNS servers.
Either of these being incorrect can cause all email validation to fail
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1713 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.