Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

IP-based Authentication



I am wondering whether it would be possible to set up the following IP-based authentication mechanism on the FortiGate (v7.2):

  1. I want users to visit a login website which is served on the external interface of the FortiGate.
  2. After login, they should be authenticated based on IP address for some time and be allowed to access some systems behind the internal interface.

To this end, I configured the authentication settings under "User & Authentication" -> "Authentication Settings" as follows:

  • Authentication scheme is set to a form-based authentication scheme using a local user database.
  • Captive portal type is set to IP.
  • Captive portal is enabled and set to
  • Protocol support for HTTP is enabled.

The external interface has configured as its secondary IP address.

Now I would expect that serves a login page, but for some reason it does not. (I can see in the packet sniffer that the packets arrive at the FortiGate.)


Am I misunderstanding how form-based authentication is supposed to work? What would I need to do to achieve the desired workflow?


Thanks a lot in advance.


Top Kudoed Authors