I am trying to setup an SSID in Bridge Mode, however there is no Captive portal option available. If I try to enable in CLI it goes back to tunnel mode. Thoughts anyone....
Hi
can you please tell me if you use a FAP in bridge and the traffic is allowed to go directly out from the FAP to the segment/subnet (nic of FAP is bridged) and for authentication you would like to use Captive Portal which is running on the FortiGate?
I think you go it? Can not be used in bridge mode and because of above info it makes sence because the traffic MUST not go to the FGT because of BRIDGED nic of FAP.
hope this helps
have fun
Andrea
You can't use the portal on the SSID when it is locally bridged because the traffic is exiting the FAP and is not reaching the Fortigate for authentication.
You have 2 possibilities:
- either change the wireless network to tunneled and configure the portal. That way users need to authenticate before accessing the network.
- configure the portal on the "internal" interface (or the interface you are using). In that case all users on the interface (both wired and wireless) need to authenticate when matching the policy (eg for internet access). But keep in mind that they will be able to access resources on the subnet the ap's are bridges into.
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.