Captive Portal On Fortigate Firewall

A captive portal is used to enforce authentication before web resources can be accessed. Until a user authenticates successfully, any HTTP request returns the authentication page. After successfully authenticating, a user can access the requested URL and other web resources, as permitted by policies. The captive portal can also be configured to only allow access to members of specific user groups.

Captive portals can be hosted on the FortiGate or on an external authentication server. They can be configured on any network interface, including VLAN and WiFi interfaces. On a WiFi interface, the access point appears open and the client can connect to it with no security credentials, but then sees the captive portal authentication page.

You Should Know:

1. Configuring Captive Portal on FortiGate:

  • Access the FortiGate web interface.
  • Navigate to User & Authentication > Captive Portal.
  • Enable the captive portal and select the interface where it should be applied.
  • Configure the authentication method (local or external server).
  • Set the portal page (default or custom HTML page).

Example CLI commands (captive portal is enabled per interface; "Portal_Users" is a placeholder for an existing user group):

    config system interface
        edit "port1"
            set security-mode captive-portal
            set security-groups "Portal_Users"
        next
    end

2. Testing the Captive Portal:

  • Connect to the WiFi network or interface where the captive portal is enabled.
  • Open a browser and attempt to access any HTTP site.
  • Verify that the captive portal page is displayed.
  • Enter valid credentials and confirm access to the web resources.
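
The test in step 2 can be scripted. The Python below is an added example, not Fortinet code: it sends a plain-HTTP request without following redirects and classifies the reply as intercepted by a portal or passed through. The probe URL, the marker text and the sample responses are constructed assumptions.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow 3xx; urllib then raises HTTPError

def classify(probe_url, status, location, body, marker):
    """Return 'portal', 'open' or 'unknown' for one plain-HTTP probe response."""
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(location or "").hostname
        # Redirect to a host other than the one requested: request was intercepted.
        if target and target != urlsplit(probe_url).hostname:
            return "portal"
        return "unknown"
    if status == 200:
        # Expected content arrived: traffic passed. Other content: gateway answered.
        return "open" if marker in body else "portal"
    return "unknown"

def probe(url, marker, timeout=5):
    """Send one request without following redirects and classify the reply."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", "replace")
            return classify(url, resp.status, resp.headers.get("Location"), body, marker)
    except urllib.error.HTTPError as err:
        return classify(url, err.code, err.headers.get("Location"), "", marker)
    except OSError:  # URLError, timeouts, refused connections
        return "unreachable"

def portal_enforced(before_login, after_login):
    """Pass only if the probe was intercepted before login and passed after."""
    return before_login == "portal" and after_login == "open"

# Constructed sample responses (not captured from a real FortiGate).
URL, MARKER = "http://example.com/", "Example Domain"
SAMPLES = {
    "before": (302, "http://192.0.2.1/portal-login", ""),
    "after": (200, None, "<h1>Example Domain</h1>"),
    "inline": (200, None, "<form>Username: Password:</form>"),
}

if __name__ == "__main__":
    for name, (status, location, body) in SAMPLES.items():
        print(name, classify(URL, status, location, body, MARKER))
    print("live probe:", probe(URL, MARKER))
```

Run `probe()` once from an unauthenticated client and once after logging in, then pass both results to `portal_enforced()`; a result of "open" before login means the interface is not enforcing the portal.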

3. Troubleshooting Captive Portal Issues:

  • Check firewall policies to ensure traffic is allowed to the captive portal.
  • Verify that the correct interface is selected.
  • Use the following commands to watch authentication debug output (fnbamd) while a client logs in:
    diagnose debug application fnbamd -1
    diagnose debug enable

4. Advanced Configuration:

  • Integrate with external authentication servers like RADIUS or LDAP.
  • Customize the captive portal page using HTML/CSS.
  • Apply captive portal to specific user groups for granular access control.

Example for RADIUS integration:

    config user radius
        edit "RADIUS_Server1"
            set server "192.168.1.100"
            set secret "radius_secret"
        next
    end

What Undercode Say:

Captive portals are a powerful tool for network security, providing controlled access to web resources while ensuring user authentication. By leveraging FortiGate’s capabilities, administrators can enforce policies, integrate with external authentication systems, and customize user experiences. Below are additional Linux and Windows commands to enhance your understanding:

  • Linux:
    – Check network interfaces: `ifconfig` or `ip a`
    – Test HTTP connectivity: `curl http://example.com`
    – Monitor network traffic: `tcpdump -i eth0`

  • Windows:
    – Check network configuration: `ipconfig`
    – Test connectivity: `ping example.com`
    – Monitor network traffic: `netsh trace start capture=yes`

For further reading, refer to the FortiGate Documentation.

References:

Reported By: Shamseer Siddiqui – Hackers Feeds