Configuring the FortiGate to allow access to LinkedIn
- On the FortiGate, configure firewall addresses to allow users to access the LinkedIn login page.
- Go to Policy & Objects > IPv4 Policy and create a policy for LinkedIn authentication traffic.
- Then open the CLI Console. Using the policy's ID, enter the following command to exempt the LinkedIn authentication traffic policy from the captive portal:
The following step can be performed in the GUI, but may take considerably longer than using the CLI. You can copy and paste the commands below.
Open the CLI Console and enter the following, which creates the firewall addresses and adds them to a firewall address group called LinkedIn_Auth.
config firewall address
edit "www.linkedin.com"
set type fqdn
set fqdn "www.linkedin.com"
next
edit "api.linkedin.com"
set type fqdn
set fqdn "api.linkedin.com"
next
edit "static.licdn.com"
set type fqdn
set fqdn "static.licdn.com"
next
edit "help.linkedin.com"
set type fqdn
set fqdn "help.linkedin.com"
next
edit "www.fortinet.com"
set type fqdn
set fqdn "www.fortinet.com"
next
end
config firewall addrgrp
edit "LinkedIn_Auth"
set member "api.linkedin.com" "www.linkedin.com" "help.linkedin.com" "www.fortinet.com" "static.licdn.com"
next
end
Set Incoming Interface to the WiFi SSID interface and set Source Address to all.
Set Outgoing Interface to the Internet-facing interface and set Destination Address to LinkedIn_Auth.
Set Service to ALL and enable NAT. Configure Security Profiles accordingly.
config firewall policy
edit <policy_id>
set captive-portal-exempt enable
next
end
This command allows access to the external captive portal.