Configuring the FortiGate to allow access to the FortiAuthenticator
- On the FortiGate, go to Policy & Objects > Addresses and add the FortiAuthenticator firewall object.
- Go to Policy & Objects > IPv4 Policy and create the FortiAuthenticator access policy.
- Open the CLI Console and enter the following command to exempt the FortiAuthenticator access policy from the captive portal:
For Subnet/IP Range enter the IP address of the FortiAuthenticator.
Set Incoming Interface to the WiFi SSID interface and set Source Address to all.
Set Outgoing Interface to the Internet-facing interface and set Destination Address to the FortiAuthenticator address object.
Set Service to ALL and enable NAT.
Once created, note the policy's ID using the ID column.
config firewall policy
edit <policy_id>
set captive-portal-exempt enable
next
end
This command allows access to the external captive portal.