Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
marcello
New Contributor II

Created on ‎06-14-2022 06:09 AM

auth-portal from different interfaces

Hi,

I have configured the captive portal on two different wired interfaces and everything works fine.
INT1 - 192.168.1.1 - LAN 192.168.1.0/24
INT2 - 192.168.2.1 - LAN 192.168.2.0/24
To eliminate the invalid certificate warning on the login page I uploaded the certificate and specified the portal-addr fqdn which is resolved with the firewal ip on INT1.
auth.domain.local -> 192.168.1.1
Being able to specify only one portal-addr, how can I reach it from clients that were on the other network 192.168.2.0/24?
I tried to create a policy but I can't reach the local IP 192.168.1.1 from the 192.168.2.0/24 network.

Can you give me a suggestion or analternative?

 

Thank you.

Labels:
2200
0 Kudos
1 Solution
GDiFi
Staff
Staff

Created on ‎06-14-2022 11:35 AM

When you say you created a policy are you talking about a firewall policy?  If so, you will probably need to edit INT2 interface and under the captive portal add 192.168.1.1 as an exempt destination so they will be allowed to access that IP prior to authenticating.

View solution in original post

2191
4 REPLIES 4
GDiFi
Staff
Staff

Created on ‎06-14-2022 11:35 AM

When you say you created a policy are you talking about a firewall policy?  If so, you will probably need to edit INT2 interface and under the captive portal add 192.168.1.1 as an exempt destination so they will be allowed to access that IP prior to authenticating.

2192
marcello
New Contributor II
In response to GDiFi

Created on ‎06-17-2022 02:56 AM

Thank you for answer.

After adding the exemption all works fine.

 

 

2153
0 Kudos
seshuganesh
Staff
Staff

Created on ‎06-14-2022 09:02 PM

Hi Team,

 

To eliminate the invalid certificate warning on the login page I uploaded the certificate and specified the portal-addr fqdn which is resolved with the firewal ip on INT1.
auth.domain.local -> 192.168.1.1

 

I believe you have configured this setting globallly under "config firewall auth-portal"
Can you configure per policy:

 edit <policyID>

  set auth-redirect-addr portal.example.org

 end

 

Also, you need to use two different domain because LAN IP for both networks is different.

Please test it and give us update.

2169
0 Kudos
marcello
New Contributor II
In response to seshuganesh

Created on ‎06-17-2022 03:06 AM

Thanks for the reply.
I can't find the "auth-redirect-addr" option.
I have FortiOS 7. From the cli reference guide it seems to exist, but when I try to set it I have a command fail error. It is possible that I have to enable something before?
2153
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.