Fortinet black logo

Palo Alto Networks Integration

Home FortiNAC-F 7.2.0 Palo Alto Networks Integration
7.2.0
7.4.0
7.2.0

Disable Captive Network Assistant

Disable Captive Network Assistant

Devices that sense captive networks may trigger browsers because network connection is initially restricted.

iOS/macOS/Samsung Android

FortiNAC must not have Captive Network Assistant configured. This feature is disabled by default. If enabled, see section Disable CNA (iOS/macOS/Samsung Android) in the Captive Networks Assistant reference manual.

Note: This function is disabled for all portals for these operating systems.

Windows

By default, it is possible for Windows machines to automatically popup the default browser. Refer to the following article for more information:

https://docs.microsoft.com/en-us/troubleshoot/windows-client/networking/internet-explorer-edge-open-connect-corporate-public-network

The following options are available for disabling Windows Captive Portal Detection.

Note: These options are not necessary if only managed Windows machines are connecting and the Registry Key has been set as specified under Requirements.

Option 1: Prevent Captive Portal Detection (VPN Portal Only) for Windows

The zones.vpn file can be modified through the appliance CLI.

Add the following domains to /bsc/siteConfiguration/named/zones.vpn:

msftconnecttest.com

msedge.net

c-msedge.net

Option 2: Prevent Captive Portal Detection (All Portals) for Windows

Add the following domains to the Allowed Domains List. For instructions on adding domains, see Add a domain in section Allowed Domains of the Administration Guide.

msftconnecttest.com

msedge.net

c-msedge.net

Previous
Next

Disable Captive Network Assistant

Devices that sense captive networks may trigger browsers because network connection is initially restricted.

iOS/macOS/Samsung Android

FortiNAC must not have Captive Network Assistant configured. This feature is disabled by default. If enabled, see section Disable CNA (iOS/macOS/Samsung Android) in the Captive Networks Assistant reference manual.

Note: This function is disabled for all portals for these operating systems.

Windows

By default, it is possible for Windows machines to automatically popup the default browser. Refer to the following article for more information:

https://docs.microsoft.com/en-us/troubleshoot/windows-client/networking/internet-explorer-edge-open-connect-corporate-public-network

The following options are available for disabling Windows Captive Portal Detection.

Note: These options are not necessary if only managed Windows machines are connecting and the Registry Key has been set as specified under Requirements.

Option 1: Prevent Captive Portal Detection (VPN Portal Only) for Windows

The zones.vpn file can be modified through the appliance CLI.

Add the following domains to /bsc/siteConfiguration/named/zones.vpn:

msftconnecttest.com

msedge.net

c-msedge.net

Option 2: Prevent Captive Portal Detection (All Portals) for Windows

Add the following domains to the Allowed Domains List. For instructions on adding domains, see Add a domain in section Allowed Domains of the Administration Guide.

msftconnecttest.com

msedge.net

c-msedge.net

Previous
Next