Baptiste
Contributor II

FQDN redirect to IP address on logon page

Hello,

When external users have to log on, I give them https://firewall.mydomain.com:1003 (I've loaded a 3rd party certificate).

But they are redirected to https://IP-ADRESS:1003 with a certificate error.

 

Is there a way to fix the name used by FG to match my FQDN?

 

Thanks !

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Baptiste
Contributor II

Hi all,

Can you just tell me if you have this issue: are you redirected to the IP address when accessing https://firewall.mydomain.com:1003 (logon page)?

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Baptiste

Hi all

I opened a ticket, so stay tuned.

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
localhost

I think you are missing the following settings:

config firewall auth-portal
    set portal-addr "portal.example.org"
end

config firewall policy
    edit <policyID>
        set auth-redirect-addr "portal.example.org"
    next
end

Baptiste

 

 

Thanks for this tip but I'm using Fortigate Captive Portal, not an external one

Extract from CLI doc:

auth-portal

Use this command to add an external authentication portal.

 

Is there a similar parameter for the FG captive portal?

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
localhost

Have you tried it?

In my case this seems to work also when using the internal portal. Just replace portal.example.org with your internal DNS record for the FG Portal.

Baptiste

Thanks a lot, this is working well

 

Just need the first step:

config firewall auth-portal
    set portal-addr "portal.example.org"
end

Additional step: in my case, the FG acts as DNS server.

SSID configuration: DNS Server: Same as Interface IP

Create a DNS Database on the "DNS server" tab: Master Zone, type Shadow, not Authoritative

Create a single entry with myportal.mydomain.com pointing to the FG Wifi Interface IP.

DNS Service on Interface: Select Wifi interface, recursive mode

 

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
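
A way to confirm the fix discussed in this thread, as an added example that is not part of any post or of Fortinet's tooling: given the redirect URL a client receives and the SAN entries of the installed certificate, it reports whether the browser's name check will pass. The function names, the `/login` path and the 192.0.2.1 address are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def _dns_match(host, pattern):
    """A '*' in a SAN may only stand for the whole left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]


def check_redirect(location, san_dns, san_ips=()):
    """Return (ok, reason) for a portal redirect URL against certificate SANs."""
    parts = urlsplit(location)
    if parts.scheme != "https" or not parts.hostname:
        return False, "redirect is not an https URL with a host"
    host = parts.hostname
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # not an IP literal, treat as a DNS name
    if addr is not None:
        # An IP literal validates only against an iPAddress SAN, never a dNSName.
        if any(addr == ipaddress.ip_address(i) for i in san_ips):
            return True, "IP literal covered by iPAddress SAN"
        return False, f"redirect uses IP literal {host}, no matching iPAddress SAN"
    if any(_dns_match(host, p) for p in san_dns):
        return True, f"{host} covered by dNSName SAN"
    return False, f"{host} not covered by any dNSName SAN"


if __name__ == "__main__":
    sans = ["firewall.mydomain.com"]  # constructed: SANs of the 3rd party certificate
    samples = [  # constructed redirect targets: before and after setting portal-addr
        "https://192.0.2.1:1003/login",
        "https://firewall.mydomain.com:1003/login",
    ]
    for url in samples:
        ok, reason = check_redirect(url, sans)
        print("PASS" if ok else "FAIL", url, "-", reason)
```
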
aramide
New Contributor

The above steps don't work for FortiWeb 7.4.0. Please provide guidance.
