Fortinet black logo

Cookbook

5.5.0
6.5.0
6.4.0
6.3.0
6.2.0
6.1.0
6.0.0
5.5.0

Configuring captive portal and security policies

Configuring captive portal and security policies

  1. On the FortiGate, go to Network > Interfaces and edit the internal interface.

    2. Under Admission Control, set Security Mode to Captive Portal.

    Set Authentication Portal to External, and enter the SAML authentication portal URL.

    Set User Access to Restricted to Groups, and set User Groups to any local group, as you’ll notice the FSSO group is not available; this local group won’t be used for access.

  2. Next go to Policy & Objects > Addresses and add the FortiAuthenticator as an address object.

    3. Then create an FQDN object of your Centrify tenant portal:

  • <your-tenant-id>.my.centrify.com

As this is an FQDN, make sure to set Type to FQDN.

  • Then go to Policy & Objects > IPv4 Policy and create all policies shown in the examples:
    • A policy for DNS,
    • for access from the FortiAuthenticator,
    • for Centrify bypass,
    • and the last policy for FSSO, including the SAML user group.

  • When finished, right-click each policy (except the FSSO policy), select Edit in CLI, and enter the following command:

    • set captive-portal-exempt enable

    next

    end

    This command exempts users of these policies from the captive portal interface.

    Previous
    Next

    Configuring captive portal and security policies

    1. On the FortiGate, go to Network > Interfaces and edit the internal interface.

      2. Under Admission Control, set Security Mode to Captive Portal.

      Set Authentication Portal to External, and enter the SAML authentication portal URL.

      Set User Access to Restricted to Groups, and set User Groups to any local group, as you’ll notice the FSSO group is not available; this local group won’t be used for access.

    2. Next go to Policy & Objects > Addresses and add the FortiAuthenticator as an address object.

      3. Then create an FQDN object of your Centrify tenant portal:

    • <your-tenant-id>.my.centrify.com

    As this is an FQDN, make sure to set Type to FQDN.

  • Then go to Policy & Objects > IPv4 Policy and create all policies shown in the examples:
    • A policy for DNS,
    • for access from the FortiAuthenticator,
    • for Centrify bypass,
    • and the last policy for FSSO, including the SAML user group.

  • When finished, right-click each policy (except the FSSO policy), select Edit in CLI, and enter the following command:

    • set captive-portal-exempt enable

    next

    end

    This command exempts users of these policies from the captive portal interface.

    Previous
    Next