Matteo
New Contributor

Local User Auth by using Captive Portal and redirection

Hi,

I already read many posts here regarding redirection issues with Captive Portal, but they didn't solve my problem and I'm going crazy.

My configuration is this one:

  • FortiOS v5.2.7, build718
  • 1 interface (port4) with local Captive Portal enabled, authentication by groups
  • 1 external AP (Zyxel) connected to the interface (port4)
  • I followed this KB guide without success: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30760&sliceId=1...

    and the code is this one:

    edit 34
        set srcintf "port4"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "OMNIA-USERS"
        set auth-redirect-addr "auth-cert.fortinet.com"
        set nat enable
    next

    config user setting
        set auth-type http https
        set auth-cert "Fortinet_Wifi"
        set auth-secure-http enable
    end

     

    config system global
        [...]
        set auth-https-port 1442
        [...]
    end

     

    edit "fortinet.com"
        set domain "fortinet.com"
        set authoritative disable
        config dns-entry
            edit 1
                set hostname "auth-cert"
                set ip INTERFACE_IP
            next
        end
    next

     

    So, I configured a DNS entry for the auth-cert.fortinet.com URL pointing to the port4 interface IP (the DNS resolution works fine). "auth-cert.fortinet.com" is the URL configured in the CN field of the certificate (Fortinet_Wifi, one of the official Fortinet certificates). This way, I would expect the redirection and certificate to be correctly configured.

     

    However, the problem is always the same:

  1. I correctly connect to the interface (port 4 with Zyxel AP and no authentication).
  2. I open a browser and I try to go to the www.google.com site.
  3. I get a warning message that shows a bad domain, even though I configured a DNS entry for the CN field and the auth-redirect-addr parameter.
  4. If I accept the warning, I am redirected to the Captive Portal page.
  5. I insert a valid user's credentials and then I am correctly redirected to the first page (www.google.com).

    Where am I wrong? Any idea how to remove the bad certificate warning?

    Many thanks in advance!!
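
One way to narrow down which URL raises the warning, as an added example that is not part of the original post: it applies browser-style name matching to the certificate name quoted above against the host of each URL the browser could be on when the warning appears. The interface address 192.0.2.1 and the candidate URLs are constructed, and the certificate's SAN is assumed to carry the same name as the CN given in the post.

```python
import ipaddress
from urllib.parse import urlsplit

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(host, pattern):
    """Exact match, or a single '*' standing for the whole left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if _is_ip(host):
        return False  # an IP literal never matches a DNS name entry
    h, p = host.split("."), pattern.split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[1:] == p[1:]
    return h == p

def check_url(url, dns_names, ip_sans=()):
    """Return (host, ok): would the certificate be accepted for this URL's host?"""
    host = urlsplit(url).hostname
    if _is_ip(host):
        # IP hosts are only valid against iPAddress SAN entries
        ok = any(ipaddress.ip_address(host) == ipaddress.ip_address(i) for i in ip_sans)
    else:
        ok = any(name_matches(host, n) for n in dns_names)
    return host, ok

# Assumption: SAN carries the CN quoted in the post; no iPAddress SAN entries.
CERT_NAMES = ["auth-cert.fortinet.com"]
# Constructed candidates: the URL in the address bar when the warning shows.
CANDIDATES = [
    "https://auth-cert.fortinet.com:1442/",  # redirect uses auth-redirect-addr
    "https://192.0.2.1:1442/",               # redirect uses the interface IP
    "https://www.google.com/",               # original HTTPS request intercepted
]

def report(names=CERT_NAMES, urls=CANDIDATES):
    return {url: check_url(url, names)[1] for url in urls}

if __name__ == "__main__":
    for url, ok in report().items():
        print(f"{'match   ' if ok else 'MISMATCH'}  {url}")
```

Comparing the host shown in the browser's address bar at the moment of the warning with these three cases tells you whether the portal redirect or the original request is the one presenting the certificate.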
