Welcome, Guest |
You have to register before you can post on our site.
|
Online Users |
There are currently 27 online users. » 0 Member(s) | 27 Guest(s)
|
|
|
Guest Portal |
Posted by: websponge - 03-12-2025, 10:23 AM - Forum: FortiAuthenticator
- No Replies
|
 |
https://docs.fortinet.com/document/forti...-fortigate
Configuring firewall authentication portal settings on FortiGate
The following settings are required to avoid certificate and security errors on the client. After the user is authenticated using the external captive portal, the browser redirects briefly to the firewall authentication portal over HTTPS. The browser then redirects the user to the original URL or a specific URL.
The specific URL needs to be configured in the Redirect after Captive Portal option in Create New SSID dialog.
To configure firewall authentication portal address from the CLI:
Enter the following commands to set to the firewall authentication portal address:
config firewall auth-portal
set portal-addr <addr> #portal-addr setting must be an FQDN that resolves to the interface IP address of the guest SSID. The client must be able to resolve this using the DNS server configured in the DHCP scope.
end
To configure the firewall user settings from the CLI:
Enter the following commands to set to the firewall user settings:
config user setting
set auth-type https
set auth-cert "STAR-Aug21" #auth-cert must be a valid certificate that has been imported to the FortiGate and matches the FQDN used for the interface IP of the SSID. A wildcard certificate may be used.
set auth-secure-http enable
|
|
|
Basic Traffic Debugging |
Posted by: websponge - 02-19-2025, 11:41 AM - Forum: Fortigate
- No Replies
|
 |
Code: diagnose debug flow show function enable
diagnose debug flow filter saddr X.X.X.X
diagnose debug flow filter saddr X.X.X.X
diagnose debug enable
diagnose debug flow trace start
To Stop Debug and reset:
Code: diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug disable
|
|
|
HA Setup |
Posted by: websponge - 02-18-2025, 03:43 PM - Forum: Fortigate
- No Replies
|
 |
By default, management services such as SNMP, remote logging, remote authentication and communication with FortiSandbox and so on, use a cluster interface. As a result communication from each cluster unit comes from a cluster interface instead of from the interface of an individual cluster unit and not from the HA reserved management interface.
If you want to use the HA reserved management interface for these features you must enter the following command:
Code: config system ha
set ha-direct enable
end
The result is that all management services use the HA reserved management interface. This means that individual cluster units send log messages and communicate with FortiSandbox and so on using the HA reserved management interface instead of one of the cluster interfaces. This allows you to manage each cluster unit separately and to separate the management traffic from each cluster unit. This can also be useful if each cluster unit is in a different location.
|
|
|
|