Technical Note: How to enable Captive Portal Exempt for specific destination address

Vbharath_FTNT · ‎02-19-2015

Description

This article explains how to enable captive portal exempt for a specific destination address.

Solution

When using captive portal authentication with WiFi SSID, the "captive-portal-exempt" setting in a firewall policy can be used to exempt captive portal authentication for specific destination addresses.Configuration CLI

config firewall policy
    edit
        set captive-portal-exempt enable
    next
end

Example

The following configuration example explains how to exempt captive portal authentication for cnn.com for wireless users connected to Wifi_SSID.

Step 1) Create an address object for the cnn.com

config firewall address
    edit "cnn.com"
        set type fqdn
        set fqdn "cnn.com"
    next
end

Step 2) Create a firewall policy from the SSID interface to External with destination set to cnn.com and enable captive portal exempt.

config firewall policy
    edit
        set srcintf "Wifi_SSID"
        set dstintf "WAN1"
        set srcaddr "all"
        set dstaddr "cnn.com"
        set action accept
        set schedule "always"
        set service "ALL"
        set captive-portal-exempt enable
        set nat enable
    next
end

The related KB article explains how to enable captive portal exempt for specific source addresses.

Related Articles

Technical Tip: Captive Portal Exempt list

Technical Note: How to enable Captive Portal Exempt for specific destination address

You are leaving our website