auth-portal from different interfaces
Hi,
I have configured the captive portal on two different wired interfaces and everything works fine.
INT1 - 192.168.1.1 - LAN 192.168.1.0/24
INT2 - 192.168.2.1 - LAN 192.168.2.0/24
To eliminate the invalid certificate warning on the login page I uploaded the certificate and specified the portal-addr FQDN, which is resolved with the firewall IP on INT1.
auth.domain.local -> 192.168.1.1
Being able to specify only one portal-addr, how can I reach it from clients that were on the other network 192.168.2.0/24?
I tried to create a policy but I can't reach the local IP 192.168.1.1 from the 192.168.2.0/24 network.
Can you give me a suggestion or an alternative?
Thank you.
Labels: FortiGate
When you say you created a policy, are you talking about a firewall policy? If so, you will probably need to edit the INT2 interface and under the captive portal add 192.168.1.1 as an exempt destination so they will be allowed to access that IP prior to authenticating.
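The exemption described in the reply above, expressed as FortiOS CLI. This is an added example, not configuration posted in the thread; the object names `portal-int1-addr` and `portal-exempt` are hypothetical, and `INT2` stands in for the real interface name.

```fortios
# Host address object for the portal IP on INT1 (object name is hypothetical)
config firewall address
    edit "portal-int1-addr"
        set subnet 192.168.1.1 255.255.255.255
    next
end

# Exempt list that allows unauthenticated access to that single host only
# (list name is hypothetical)
config user security-exempt-list
    edit "portal-exempt"
        config rule
            edit 1
                set dstaddr "portal-int1-addr"
            next
        end
    next
end

# Attach the list to the captive-portal interface serving 192.168.2.0/24
config system interface
    edit "INT2"
        set security-exempt-list "portal-exempt"
    next
end
```

Keeping the exempt destination a /32 means clients on 192.168.2.0/24 can reach only the portal address before they authenticate, not the rest of 192.168.1.0/24.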
Thank you for the answer.
After adding the exemption all works fine.
Hi Team,
To eliminate the invalid certificate warning on the login page I uploaded the certificate and specified the portal-addr FQDN, which is resolved with the firewall IP on INT1.
auth.domain.local -> 192.168.1.1
I believe you have configured this setting globally under "config firewall auth-portal".
Can you configure per policy:
config firewall policy
    edit <policyID>
        set auth-redirect-addr portal.example.org
    next
end
Also, you need to use two different domains because the LAN IP for both networks is different.
Please test it and give us an update.