The following settings are required to avoid certificate and security errors on the client. After the user is authenticated using the external captive portal, the browser redirects briefly to the firewall authentication portal over HTTPS. The browser then redirects the user to the original URL or a specific URL.
The specific URL needs to be configured in the Redirect after Captive Portal option in Create New SSID dialog.
- Enter the following commands to set to the firewall authentication portal address:
config firewall auth-portal
set portal-addr <addr> #portal-addr setting must be an FQDN that resolves to the interface IP address of the guest SSID. The client must be able to resolve this using the DNS server configured in the DHCP scope.
- Enter the following commands to set to the firewall user settings:
config user setting
set auth-type https
set auth-cert "STAR-Aug21" #auth-cert must be a valid certificate that has been imported to the FortiGate and matches the FQDN used for the interface IP of the SSID. A wildcard certificate may be used.
set auth-secure-http enable