Configuring firewall authentication portal settings on FortiGate

The following settings are required to avoid certificate and security errors on the client. After the user is authenticated using the external captive portal, the browser redirects briefly to the firewall authentication portal over HTTPS. The browser then redirects the user to the original URL or a specific URL.

The specific URL needs to be configured in the Redirect after Captive Portal option in the Create New SSID dialog.

To configure the firewall authentication portal address from the CLI:
  1. Enter the following commands to set the firewall authentication portal address:

    config firewall auth-portal
        set portal-addr <addr>
    end

     The portal-addr setting must be an FQDN that resolves to the interface IP address of the guest SSID. The client must be able to resolve this FQDN using the DNS server configured in the DHCP scope.

To configure the firewall user settings from the CLI:
  1. Enter the following commands to set the firewall user settings:

    config user setting
        set auth-type https
        set auth-cert "STAR-Aug21"
        set auth-secure-http enable
    end

     The auth-cert setting must be a valid certificate that has been imported to the FortiGate and matches the FQDN used for the interface IP of the SSID. A wildcard certificate may be used.
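
The two requirements above (portal-addr resolves to the guest SSID interface IP, and auth-cert matches that FQDN) can be checked before rollout. The following is an added example, not Fortinet code: the function names are hypothetical, the hostnames and addresses are constructed, and the SAN list and DNS answers are assumed to have been collected already (for example from the imported certificate and from the DNS server in the DHCP scope).

```python
import ipaddress


def san_matches(san: str, fqdn: str) -> bool:
    """Hostname match where '*' is only valid as the whole left-most label
    and stands for exactly one label (the rule browsers apply)."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = fqdn.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Reject overly broad names such as '*.com'.
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def preflight(portal_addr, cert_sans, resolved_ips, interface_ip):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    try:
        ipaddress.ip_address(portal_addr)
        problems.append("portal-addr is an IP address, not an FQDN")
    except ValueError:
        pass  # not an IP literal, so treat it as a hostname
    if not any(san_matches(s, portal_addr) for s in cert_sans):
        problems.append("auth-cert has no SAN matching portal-addr")
    want = ipaddress.ip_address(interface_ip)
    if want not in {ipaddress.ip_address(ip) for ip in resolved_ips}:
        problems.append("portal-addr does not resolve to the guest SSID interface IP")
    return problems


if __name__ == "__main__":
    # Constructed sample: a wildcard certificate that is one label too short
    # for the chosen portal FQDN, with DNS pointing at the right interface.
    for problem in preflight(
        portal_addr="portal.guest.example.com",
        cert_sans=["*.example.com", "example.com"],
        resolved_ips=["192.0.2.1"],
        interface_ip="192.0.2.1",
    ):
        print("FAIL:", problem)
```

A wildcard such as `*.example.com` covers `portal.example.com` but not `portal.guest.example.com`, so the client would still see a certificate error in the constructed case above.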
