Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

Creating an exempt policy to allow users to access the captive portal

If the FortiAuthenticator is not in the local user’s network, you need to create an exempt policy allowing users to access the FortiAuthenticator and reach the captive portal.

To create an exempt policy:
  1. Go to Policy & Objects > Firewall Policy and select Create New.
  2. Enter a policy name.
  3. In Incoming Interface, select the interface created to use an external captive portal.
  4. In Outgoing Interface, select the interface for DMZ.
  5. In Source:
    1. Select + to open the Select Entries window.
    2. In Address, search and select all.
    3. Select Close.
  6. In Destination:
    1. Select + to open the Select Entries window.
    2. In Address, select Create > Address, and in the New Address window, enter details related to the FortiAuthenticator SP. Click OK.
    3. Select Close.
  7. In Service:
    1. Select + to open the Select Entries window.
    2. Search and select HTTPS.
    3. Select Close.
  8. In the Firewall/Network Options pane, disable NAT.
  9. In Advanced pane, enable Exempt Captive Portal to exempt this policy from the captive portal.

    To make the Advanced pane visible:

    • Go to System > Feature Visibility.

    • Enable Policy Advanced Options.

    • Click Apply.

  10. Click OK.

Creating an exempt policy to allow users to access the captive portal

If the FortiAuthenticator is not in the local user’s network, you need to create an exempt policy allowing users to access the FortiAuthenticator and reach the captive portal.

To create an exempt policy:
  1. Go to Policy & Objects > Firewall Policy and select Create New.
  2. Enter a policy name.
  3. In Incoming Interface, select the interface created to use an external captive portal.
  4. In Outgoing Interface, select the interface for DMZ.
  5. In Source:
    1. Select + to open the Select Entries window.
    2. In Address, search and select all.
    3. Select Close.
  6. In Destination:
    1. Select + to open the Select Entries window.
    2. In Address, select Create > Address, and in the New Address window, enter details related to the FortiAuthenticator SP. Click OK.
    3. Select Close.
  7. In Service:
    1. Select + to open the Select Entries window.
    2. Search and select HTTPS.
    3. Select Close.
  8. In the Firewall/Network Options pane, disable NAT.
  9. In Advanced pane, enable Exempt Captive Portal to exempt this policy from the captive portal.

    To make the Advanced pane visible:

    • Go to System > Feature Visibility.

    • Enable Policy Advanced Options.

    • Click Apply.

  10. Click OK.