I use FortiGate to create Authentication for my local user. I create a policy for it, add user group in that policy. It works well for the past 3 months. Suddenly, last week everyone cannot access authentication page and unable to use internet under this policy. Why? And after I try to put user group out of that policy, everyone can access internet but didn't have to pass the authentication. I want to add user group into policy to force everyone to login through authentication. How?
Are you using FortiAuthenticator?
If so then did you check the status of the connectivity between FGT and FAC?
Hi,
Is the disclaimer option enabled in the firewall policy to prompt the users for authentication?
Otherwise it will try to use passive authentication.
Hi,
This kind of issue often points to a problem with captive portal redirection, user group mapping, or recent changes in DNS or routing that interfere with the authentication flow.
To restore proper redirection and ensure users are prompted to log in:
Double-check that your policy with the user group is correctly positioned—above any general allow rules.
Review the captive portal configuration to confirm it’s still active and properly defined.
Ensure the user group is still linked to the correct authentication method.
Verify that unauthenticated users are allowed DNS and HTTP/HTTPS access to trigger the redirection.
If you're using an external captive portal, confirm that the FortiGate integration is still valid and that redirection to the login page is permitted.
You can refer to this guide for detailed steps on configuring and troubleshooting captive portal authentication with user groups and policy enforcement: https://help.cloudi-fi.com/hc/en-us/articles/28936913311261
Hope this helps
Hi,
I guess as you mention you are using local user.
can you share me the snap of your firewall policy configure
share:-
config user setting
Why are you using local firewall users?
User | Count |
---|---|
2534 | |
1351 | |
795 | |
641 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.