Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Punnawit
New Contributor

FortiGate Authentication issue

I use FortiGate to create Authentication for my local user. I create a policy for it, add user group in that policy. It works well for the past 3 months. Suddenly, last week everyone cannot access authentication page and unable to use internet under this policy. Why? And after I try to put user group out of that policy, everyone can access internet but didn't have to pass the authentication. I want to add user group into policy to force everyone to login through authentication. How?

5 REPLIES 5
AEK
SuperUser
SuperUser

Are you using FortiAuthenticator?

If so then did you check the status of the connectivity between FGT and FAC?

AEK
AEK
joshbergm
New Contributor III

Hi,

Is the disclaimer option enabled in the firewall policy to prompt the users for authentication?

Otherwise it will try to use passive authentication.

mahff
New Contributor II

Hi,

This kind of issue often points to a problem with captive portal redirection, user group mapping, or recent changes in DNS or routing that interfere with the authentication flow.

To restore proper redirection and ensure users are prompted to log in:

  • Double-check that your policy with the user group is correctly positioned—above any general allow rules.

  • Review the captive portal configuration to confirm it’s still active and properly defined.

  • Ensure the user group is still linked to the correct authentication method.

  • Verify that unauthenticated users are allowed DNS and HTTP/HTTPS access to trigger the redirection.

  • If you're using an external captive portal, confirm that the FortiGate integration is still valid and that redirection to the login page is permitted.

You can refer to this guide for detailed steps on configuring and troubleshooting captive portal authentication with user groups and policy enforcement: https://help.cloudi-fi.com/hc/en-us/articles/28936913311261

 

Hope this helps

sjoshi
Staff
Staff

Hi,

I guess as you mention you are using local user.

can you share me the snap of your firewall policy configure

share:-

config user setting

If you have found a solution, please like and accept it to make it easily accessible to others.
Fortinet Certified Expert (FCX) | #NSE8-003459
Salon Raj Joshi
adambomb1219
SuperUser
SuperUser

Why are you using local firewall users?

Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors