Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AEK
SuperUser
SuperUser

Created on ‎05-27-2024 02:50 PM

What's happening with FOS 7.4.4 captive portal?

Hi FG admins

Today on a FortiOS 7.4.4 I accidentally tried active portal and it surprisingly popped-up on my PC a very nice desktop notification (bottom-right) with a click-button and telling that an active portal is present, like FortiNAC does in isolation. Is it me or a true active portal is finally here?

AEK
AEK
Labels:
1487
0 Kudos
9 REPLIES 9
AlexC-FTNT
Staff
Staff

Created on ‎05-30-2024 12:46 AM

good question. Not in Release notes as new feature, and the only fix related to captive portal is this:

955990 - Captive portal reappears repeatedly in the browser after importing user credentials.
So maybe something has changed in Windows to detect the captive portal and display it? 


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
1403
AEK
SuperUser
SuperUser
In response to AlexC-FTNT

Created on ‎05-30-2024 12:51 AM

Hi Alex

Thanks for your feedback. It is the same behavior on my Linux. So I still think something has changed in FOS active portal. I'll try dig more.

AEK
AEK
1397
AlexC-FTNT
Staff
Staff
In response to AEK

Created on ‎05-30-2024 12:53 AM

Before replying, I checked our devs portal, but could not find anything there either. It might help to add the FortiSwitch/ FortiAP tag to your post.. so it is seen by the Wireless team as well


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
1394
pminarik
Staff
Staff

Created on ‎05-30-2024 01:47 AM

What was the previous version where you didn't notice this? This can give us a range to search for changes.

Which Windows version? 10? 11?

Lastly, where was this captive portal? On a physical interface? On an SSID? Or just a user/group added into a firewall policy?

 

So far I've checked 7.4.4 + Win10 + portal on phys intf, but haven't noticed anything special in packet captures. Only saw the client GET requesting http://www.msftconnecttest.com/redirect which prompted a redirect to the portal (which is nothing new).

[ corrections always welcome ]
1363
AEK
SuperUser
SuperUser
In response to pminarik

Created on ‎05-30-2024 02:11 AM

Hello

Actually it happened with my Linux client (Ubuntu), and I confirm that was not happening with my old FOS versions (6.x.x, 7.0.x). The first time I saw this behavior is with FOS 7.4.4.

With the old versions the active portal only appears if we manually open the browser and try access some site. While on 7.4.4 the popup window at bottom-right of my desktop appeared automatically without opening the browser.

The captive portal was configured on the interface.

Unfortunately I'm not on site now, but I'll try reproduce it and dig more once there.

AEK
AEK
1352
0 Kudos
pminarik
Staff
Staff
In response to AEK

Created on ‎05-30-2024 02:21 AM

The only potential feature I am aware of is advertising the captive portal via a DHCP option, but I did not see that advertised when I tested it just now (nor do I recall any discussions of implementing this in FortiOS).


I also noticed no interesting changes between 7.4.2 and 7.4.4, but if your previous sample is much older (e.g. 7.0.x), then that will be a bit rough to search such a wide range of versions.

 

This could also simply be the client OSs probing for a portal in the background (as usual) and the only new thing being that nice notification in the corner.

 

Anyway, if you do figure this out, let us know!

[ corrections always welcome ]
1344
JorgeLuis
New Contributor

Created on ‎07-25-2024 01:39 AM

After upgrade to 7.4.4 captive portal authentication fails.
network configured to require user authentication to access wan, using kerberos.

918
0 Kudos
AEK
SuperUser
SuperUser
In response to JorgeLuis

Created on ‎07-25-2024 02:02 AM

Are your portal users authenticated via LDAP?

If so then know that in 7.4.4 it is mandatory to add AD's SSL CA cert to FG.

This post should help:

https://community.fortinet.com/t5/Support-Forum/SSL-VPN-Failure-Permission-Denied-455-after-update-t...

 

AEK
AEK
914
JorgeLuis
New Contributor
In response to AEK

Created on ‎07-25-2024 02:29 AM

After CA certificates imported kerberos authentication is working again.

Thank you very much  

906
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.