Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ivrak
New Contributor

Fortigate and a 3rd party captive portal

Hey all,

We use fortigates across all of sites and I'm in the process of setting up a captive portal to use with the wifi network, I noticed that fortigate has the option to enable captive portal and use an external one,

I enabled it and pointed it at the captive software, the issue I'm finding is it goes to a Fortigate Captive portal first and not to the 3rd party one,

Has anyone used an external one and if so are there any guides on how to set it up to work with a 3rd party system?

If I can use forti to do this, then I can add the captive portal to the wired connections as well as the wifi.

10.0.0.0.1 192.168.1.254
3 REPLIES 3
hbac
Staff
Staff

Hi @ivrak,

 

It seems to be an expected behavior. Does it redirect to the 3rd party after? 

 

When external captive portal providers are used, the authentication happens roughly as follows:

1) FortiGate triggers captive portal authentication (it redirects a user’s HTTP request to itself).

2) It then redirects to the external captive portal provider.

3) The user registers and/or authenticates.

4) The external captive portal provider reports the successful authentication back to FortiGate.

5) FortiGate triggers RADIUS authentication to the configured RADIUS server (typically the same server that provided captive portal); this is to get group information.

6) RADIUS authentication should be successful and return group information as applicable.

7) FortiGate accepts or denies the authentication based on successful user authentication and group membership.

8) If authentication is accepted, FortiGate directs the user to a specified URL or the original request.

 

Please refer to this article for more details: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-external-captive-portal-authenti...

 

Regards, 

Sheikh
Staff
Staff

Hello @ivrak ,

just for a reference, please check this technical document, where we configure FortiGate captive portal authentication via Fortiauthenticator. This might give you some idea about your third party captive software.

 

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-How-to-configure-FortiGate-Captiv...

 

regards,

 

Sheikh

 

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
Debbie_FTNT
Staff
Staff

Hey Ivrak,

there seems to be a largely identical forum thread:

https://community.fortinet.com/t5/Support-Forum/Fortigate-and-a-3rd-party-captive-portal/m-p/288129/...

I hope it helps :)

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Labels
Top Kudoed Authors