marcello
New Contributor II

auth-portal from different interfaces

Hi,

I have configured the captive portal on two different wired interfaces and everything works fine.
INT1 - 192.168.1.1 - LAN 192.168.1.0/24
INT2 - 192.168.2.1 - LAN 192.168.2.0/24
To eliminate the invalid certificate warning on the login page I uploaded the certificate and specified the portal-addr FQDN, which resolves to the firewall IP on INT1.
auth.domain.local -> 192.168.1.1
Being able to specify only one portal-addr, how can I reach it from clients that were on the other network 192.168.2.0/24?
I tried to create a policy but I can't reach the local IP 192.168.1.1 from the 192.168.2.0/24 network.

Can you give me a suggestion or an alternative?

 

Thank you.

1 Solution
GDiFi
Staff

When you say you created a policy are you talking about a firewall policy?  If so, you will probably need to edit INT2 interface and under the captive portal add 192.168.1.1 as an exempt destination so they will be allowed to access that IP prior to authenticating.


marcello
New Contributor II

Thank you for the answer.

After adding the exemption all works fine.

 

 

seshuganesh
Staff

Hi Team,

 

To eliminate the invalid certificate warning on the login page I uploaded the certificate and specified the portal-addr FQDN, which resolves to the firewall IP on INT1.
auth.domain.local -> 192.168.1.1

 

I believe you have configured this setting globally under "config firewall auth-portal".
Can you configure it per policy:

 config firewall policy
  edit <policyID>
   set auth-redirect-addr portal.example.org
  next
 end

 

Also, you need to use two different domains because the LAN IP for the two networks is different.

Please test it and give us an update.

marcello

Thanks for the reply.
I can't find the "auth-redirect-addr" option.
I have FortiOS 7. From the CLI reference guide it seems to exist, but when I try to set it I get a command fail error. Is it possible that I have to enable something first?