When external users have to log on, I give them https://firewall.mydomain.com:1003 (I've loaded a 3rd-party certificate),
but they are redirected to https://IP-ADRESS:1003 with a certificate error.
Is there a way to fix the name used by the FG to match my FQDN?
2 FGT 100D + FTK200
3 FGT 60E
some FAP 210B/221C/223C/321C/421E
I think you are missing the following settings:
config firewall auth-portal
    set portal-addr "portal.example.org"
end
config firewall policy
    edit <policy-id>
        set auth-redirect-addr "portal.example.org"
    next
end
Can you just tell me if you have the issue: are you redirected to the IP address when accessing https://firewall.mydomain.com:1003 (logon page)?
I opened a ticket, so stay tuned.
Thanks for this tip, but I'm using the FortiGate Captive Portal, not an external one.
Extract from the CLI doc:
Use this command to add an external authentication portal.
Is there the same parameter for the FG captive portal?
Have you tried it?
In my case this seems to work also when using the internal portal. Just replace portal.example.org with your internal DNS record for the FG Portal.
Thanks a lot, this is working well
Just need the first step:
config firewall auth-portal
    set portal-addr "portal.example.org"
end
Additional step: in my case, the FG acts as DNS server.
SSID configuration: DNS Server: Same as Interface IP
Create a DNS Database on the "DNS server" tab: Master Zone, type Shadow, not Authoritative
Create a single entry with myportal.mydomain.com pointing to FG Wifi Interface IP.
DNS Service on Interface: select the Wifi interface, recursive mode
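An added example, not part of the original thread: a check that explains the certificate error above and confirms the fix, by comparing the host in the portal's redirect target against the names in the certificate. The sample redirect URLs, the 192.0.2.1 address and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_redirect(location, san_dns, san_ip=()):
    """Return (ok, reason) for a redirect target checked against certificate SANs."""
    host = urlsplit(location).hostname
    if host is None:
        return False, "no host in Location"
    if _is_ip(host):
        # An IP literal can only match an iPAddress SAN, never a dNSName entry,
        # so a certificate issued for the FQDN alone fails here.
        addr = ipaddress.ip_address(host)
        if any(addr == ipaddress.ip_address(i) for i in san_ip):
            return True, "IP SAN match"
        return False, f"redirect uses IP {host}; certificate has no matching IP SAN"
    if any(dns_name_matches(n, host) for n in san_dns):
        return True, "DNS SAN match"
    return False, f"{host} not covered by certificate names"

# Constructed sample data: names on the certificate and the two redirect targets.
SAN_DNS = ["firewall.mydomain.com"]
BEFORE = "https://192.0.2.1:1003/"              # redirect before portal-addr is set
AFTER = "https://firewall.mydomain.com:1003/"   # redirect after portal-addr is set

if __name__ == "__main__":
    for url in (BEFORE, AFTER):
        print(url, "->", check_redirect(url, SAN_DNS))
```

The redirect only validates once clients can also resolve the portal name, which is what the DNS database entry in the last post provides.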
Copyright 2023 Fortinet, Inc. All Rights Reserved.