As per -
https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/578250/fortiauthenticator-as-a-wireless-guest-portal-for-fortigate
it says at the end "Configuring firewall authentication portal settings
on FortiGateThe following setting...
Question on Radius policy, I have a FortiGate connected to a FAC for 2
sets of users (both using the same LDAP source) One set is using a
policy, that requires chained authentication, (RSA Token server) and
that policy is at the top and it works fine...
Client laptop has a cert issued by Microsoft AD (via Intune) the Trusted
CA has been imported to the FAC 6.6.0 as per this video:EAP-TLS
Authentication with FortiAuthenticator | Identity and Access
ManagementThe fortigate is set to use the FAC / WPA2...
Need to amend slightly how guests register, and I don't think its
possible, with a Meraki solution, you get a webpage and it asks for the
email address of an approved person, you click submit. The approver gets
an email, and authorises it. That's it....
I have a working (99%) Captive portal, User gets a captive portal
registration page, fills in a few details and then it is set for admin
approval, the problem is, the user never gets sent the random password?
I have left the admin email address out o...
Thank you for your help, one question though, I dont have a certificate
yet, so surely, I would be able to "accept risk" on the browser and I
should still see the page?If I browse to it manually, I get "403
Forbidden" despite allowing guest portals o...
The FortiGate and FAC are on the same domain, so in the DNS SAN, I would
add the hostname of the gate and the FAC yes? myfortigate.local and
myfac.local?
I can arrange purchasing a cert for the FAC, but to get another public
signed cert for a "quick redirection" seems like a really bad design to
be honest. I assume, I can just use the hostname of the FAC in the cert
when I create the CSR? I wanted to ...
There is no other cookbooks or documentation that specified this, I just
assumed it was some sort of tunnelled http header as the FAC is trusted,
My question you have more or less answered, I am guessing I need to
create a CSR on the FAC, then get it...