Hi to everybody!
I need to allow the access to some users to the internet but
at the first connection I want to redirect them to a certain website.
I realized it already with a Firewall policy, setting the option " Identity Based Policy" on enabled. There I have also the option " Enable Disclaimer and Redirect URL to" where I can insert my desired website.
The problem now is that I need to create a " Firewall" Group an add a user with password to make everything work.
My problem is that I whould show the user only the disclaimer page and after he accepts this he gets redirectet on my defined website without inserting username and password.
Is there any possibility to skip the user authentication and redirect immidiately after the disclaimer page?
I' m using a Fortigate 110c with Firmware v4.0,build0205,100629 (MR1 Patch 6)
Thanks in advice,
This doesn' t answer your question, but if you want to stay on v4 MR1 then you really should upgrade to patch 10, there is a serious problem with patch 1 through 9. Read the CSB in the firmware section of the support site.
thanks for your fast reply!
If i upgrade to a newer Firmware (OS 5), does the configuration remains how it is, or have I to reconfigure the entire device?
For me it isn' t neccessary to remain on v4.
Back to your original question: you can enable the disclaimer even in a ' regular' , non-IB policy. You have to do that in the CLI, though. I don' t have the exact command at hand now but you' ll find it immediately in the ' CLI Guide' .
So a disclaimer without auth will work. I am not sure about the redirection, though. Keep us posted.
And if I may give you an advice on the firmware: either update to the latest 4.1 patch, that will keep your config 100%. Or upgrade to the latest 4.3.14, going through some intermediate versions in 4.1, 4.2 and 4.3.
You find all relevant upgrade information in the Release Notes that you download from the same folder where you get your firmware image from.
Somewhere on the forums Eric posted an upgrade chart, you may find that by searching. But I think the RN are sufficient.
Always make a backup of your configuration first, before starting any upgrade!
Reason for not recommending v5 at the moment is that there are still some bugs in the firmware. Whereas 4.3 is really stable.
(a word on my notation: ' 4.3.14' denotes v4.00 MR3 patch 14 in shorthand)
Great, I' ve made the upgrade to the latest v5...
Tomorrow I' ll downgrade to the latest v4. Fortunately the device
isn' t in use at the moment so it' s no problem if I loose the whole
However, I made already some tests with the v5 and there is now an option to set the disclaimer on a regular policy but without the possibility to redirect to an url. On the v5 I can' t find the redirect url option anywhere.
I think I' ll make the downgrade first and check what changes.
I' ll post reply asap. I hope that the downgrade will keep my configuration, to be able to test this faster.
Thanks for your support!
So I' m running now the v4.0,build0665,130514 (MR3 Patch 14).
The result is: No redirecting url option and no disclaimer page option.
The only setting which is aviable is the authentication page for username and password.
Does anyone know which FW is the right one to solve my problem?
I just found the solution:
It seems that the Fortigate via GUI doesn' t list all aviable options.
In the Fortinet Knowledge Base I found the solution.
1. Access to the CLI
2. Enter the following commands:
FGT# config firewall policy
FGT# edit 1 #Here you need to enter your rule number, you want to edit
FGT# set disclaimer enable
FGT# set redirect-url " http://www.fortinet.com"
With this solution you don' t need to create any user with password authentication.
Thank you again for support, you show me the direction where I had to go!
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.