Configuring Captive Portal and security policies
- On the FortiGate, go to Network > Interfaces and edit the internal interface. Under Admission Control, set Security Mode to Captive Portal. Set Authentication Portal to External, and enter the SAML authentication portal URL. Set User Access to Restricted to Groups, and set User Groups to any local group.
- Go to Policy & Objects > Addresses and add the FortiAuthenticator as an address object.
- Then create the following FQDN objects:
- www.googleapis.com
- accounts.google.com
- ssl.gstatic.com
- fonts.gstatic.com
- www.gstatic.com
Then add the following Google subnets:
- 172.217.9.0/24
- 216.58.192.0/19
Then create an address group, adding all created objects as members (in this example, g.suite-bypass).
config firewall policy
    edit <policy-id>
        set captive-portal-exempt enable
    next
end
This command exempts users of these policies from the captive portal interface.
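The address objects and the g.suite-bypass group described above can also be created from the FortiOS CLI. The following is an added example, not taken from the original page: the object names are assumptions (the FQDN objects are named after their hostnames, and the two subnet names are hypothetical), and the FortiAuthenticator address object is left out because its name and IP address are not given here.

```fortios
# Added example: CLI equivalent of the GUI steps for the bypass objects.
# Object names are assumptions; adjust them to your own naming scheme.
config firewall address
    edit "www.googleapis.com"
        set type fqdn
        set fqdn "www.googleapis.com"
    next
    edit "accounts.google.com"
        set type fqdn
        set fqdn "accounts.google.com"
    next
    edit "ssl.gstatic.com"
        set type fqdn
        set fqdn "ssl.gstatic.com"
    next
    edit "fonts.gstatic.com"
        set type fqdn
        set fqdn "fonts.gstatic.com"
    next
    edit "www.gstatic.com"
        set type fqdn
        set fqdn "www.gstatic.com"
    next
    # Hypothetical names for the two Google subnets listed on the page.
    edit "google-172.217.9.0_24"
        set subnet 172.217.9.0 255.255.255.0
    next
    edit "google-216.58.192.0_19"
        set subnet 216.58.192.0 255.255.224.0
    next
end

# Group the objects so a single policy destination covers the bypass list.
config firewall addrgrp
    edit "g.suite-bypass"
        set member "www.googleapis.com" "accounts.google.com" "ssl.gstatic.com" "fonts.gstatic.com" "www.gstatic.com" "google-172.217.9.0_24" "google-216.58.192.0_19"
    next
end
```

The /19 subnet covers 8,192 addresses that bypass the portal, so use the group only as the destination of the exempt policies and not for wider access rules.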