Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
obi
New Contributor

Guest User without authentication

Hi to everybody! I need to allow the access to some users to the internet but at the first connection I want to redirect them to a certain website. I realized it already with a Firewall policy, setting the option " Identity Based Policy" on enabled. There I have also the option " Enable Disclaimer and Redirect URL to" where I can insert my desired website. The problem now is that I need to create a " Firewall" Group an add a user with password to make everything work. My problem is that I whould show the user only the disclaimer page and after he accepts this he gets redirectet on my defined website without inserting username and password. Is there any possibility to skip the user authentication and redirect immidiately after the disclaimer page? I' m using a Fortigate 110c with Firmware v4.0,build0205,100629 (MR1 Patch 6) Thanks in advice, obi
11 REPLIES 11
Bromont_FTNT
Staff
Staff

This doesn' t answer your question, but if you want to stay on v4 MR1 then you really should upgrade to patch 10, there is a serious problem with patch 1 through 9. Read the CSB in the firmware section of the support site.
obi
New Contributor

Hi Bromont, thanks for your fast reply! If i upgrade to a newer Firmware (OS 5), does the configuration remains how it is, or have I to reconfigure the entire device? For me it isn' t neccessary to remain on v4.
Bromont_FTNT
Staff
Staff

It would probably be best to open a support ticket requesting the upgrade path from your current firmware. If you follow the upgrade path the current settings will remain.
obi
New Contributor

Ok thank you again! So I' ll contact the Fortinet support and then I' ll make a reply of what they say. Thanks!
ede_pfau
Esteemed Contributor III

Back to your original question: you can enable the disclaimer even in a ' regular' , non-IB policy. You have to do that in the CLI, though. I don' t have the exact command at hand now but you' ll find it immediately in the ' CLI Guide' . So a disclaimer without auth will work. I am not sure about the redirection, though. Keep us posted.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
ede_pfau
Esteemed Contributor III

And if I may give you an advice on the firmware: either update to the latest 4.1 patch, that will keep your config 100%. Or upgrade to the latest 4.3.14, going through some intermediate versions in 4.1, 4.2 and 4.3. You find all relevant upgrade information in the Release Notes that you download from the same folder where you get your firmware image from. Somewhere on the forums Eric posted an upgrade chart, you may find that by searching. But I think the RN are sufficient. Always make a backup of your configuration first, before starting any upgrade! Reason for not recommending v5 at the moment is that there are still some bugs in the firmware. Whereas 4.3 is really stable. (a word on my notation: ' 4.3.14' denotes v4.00 MR3 patch 14 in shorthand)

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
obi
New Contributor

Good evening! Great, I' ve made the upgrade to the latest v5... Tomorrow I' ll downgrade to the latest v4. Fortunately the device isn' t in use at the moment so it' s no problem if I loose the whole configuration However, I made already some tests with the v5 and there is now an option to set the disclaimer on a regular policy but without the possibility to redirect to an url. On the v5 I can' t find the redirect url option anywhere. I think I' ll make the downgrade first and check what changes. I' ll post reply asap. I hope that the downgrade will keep my configuration, to be able to test this faster. Thanks for your support! Regards, obi
obi
New Contributor

Hi! So I' m running now the v4.0,build0665,130514 (MR3 Patch 14). The result is: No redirecting url option and no disclaimer page option. The only setting which is aviable is the authentication page for username and password. Does anyone know which FW is the right one to solve my problem? Thanks, obi UPDATE: I just found the solution: It seems that the Fortigate via GUI doesn' t list all aviable options. In the Fortinet Knowledge Base I found the solution. [link=]http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&externalId=FD33394[/link] 1. Access to the CLI 2. Enter the following commands: FGT# config firewall policy FGT# edit 1 #Here you need to enter your rule number, you want to edit FGT# set disclaimer enable FGT# set redirect-url " http://www.fortinet.com" FGT# end With this solution you don' t need to create any user with password authentication. Thank you again for support, you show me the direction where I had to go! Redards, obi
ede_pfau
Esteemed Contributor III

Great that it works now! As I posted, it' s a CLI only option. BTW, you should not worry about losing the config when downgrading - you' ve made a backup before upgrading, right?

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors