Captive portal attached to an interface but after authentication browser go loop

Author
tva79@icloud.com
New Member
2018/10/22 02:29:19 (permalink) 6.0
0

Hi all,
I have attached a Captive Portal to my LAN interface with local group authentication.

From a PC client, when I open the browser to type in any website, the Fortinet login appears (correct).

I insert my username and password (correct).

FortiGate accepts my credentials, because I can see my user in "Monitor" -> "Firewall User Monitor" (correct).

The problem now is that in the address bar of the browser I can see a continuous loop of the address:

http://172.16.0.X/fgtauth?092321232323cdw2
http://172.16.0.X/fgtauth?021372123435ed82
http://172.16.0.X/fgtauth?010032723341c889
http://172.16.0.X/fgtauth?0933423487fd0fc44

and the website that I requested doesn't open.

Also, if I open another tab in Chrome, I can see the same loop with the magic token that changes continually.

Can I solve or debug this big problem?

I haven't found any documentation about diagnostics for the Captive Portal feature.

Thanks!
Andrea
#1
garylau
New Member
Re: Captive portal attached to an interface but after authentication browser go loop 2018/12/03 01:58:18 (permalink)
0
After upgrading to FortiOS v6.0 I also face your problem.
My environment is Notebook>Wifi AP>FW
After a user logs in successfully (in IE, Chrome, Firefox), the number at the end of the link path changes continuously.
http://172.16.0.X/fgtauth?040b0181b0ea850a
http://172.16.0.X/fgtauth?xxxxxxxxxxxxxxxxx
Is there any change in FortiOS v6.0? Or bugs?
#2
TuncayBAS
Gold Member
  • Location: Ankara / Turkey
Re: Captive portal attached to an interface but after authentication browser go loop 2018/12/12 23:56:11 (permalink)
0
Maybe a bug.

Update to 6.0.3.

Tuncay BAS
RZK Muhendislik Turkey
NSE 4 5 6
FCESP v5
#3
garylau
New Member
Re: Captive portal attached to an interface but after authentication browser go loop 2018/12/13 17:34:20 (permalink)
0
Thanks~
But I'm already on FortiOS v6.0.3.
#4
IOS
New Member
Re: Captive portal attached to an interface but after authentication browser go loop 2019/01/23 05:59:54 (permalink)
0
Hello friends,
I also have the same problem.
I haven't found the solution yet.
#5
SteveRoadWarrior
Silver Member
  • Location: east coast USA
Re: Captive portal attached to an interface but after authentication browser go loop 2019/01/23 13:57:37 (permalink)
0
Same here. We use this more than you'd think to provide limited access to back end systems.

Any leads on workarounds?
#6
thende
New Member
Re: Captive portal attached to an interface but after authentication browser go loop 2019/03/19 14:11:25 (permalink) ☄ Helpful by garylau 2019/03/22 02:31:03
5 (1)
Hi guys.
 
I've fixed it with the following:
 
config user setting
    set auth-src-mac disable
end

I think that by default FortiGate will also check the MAC address of the client trying to authenticate, and if the client is behind a router before reaching the firewall, the loop is the behavior we'll see. The setting above disables it.
post edited by thende - 2019/03/19 14:15:59
#7
garylau
New Member
Re: Captive portal attached to an interface but after authentication browser go loop 2019/03/22 02:32:26 (permalink)
0
Thanks thende
Fixed. It works for me~
#8
Fortinotbad
New Member
Re: Captive portal attached to an interface but after authentication browser go loop 2019/06/26 05:54:42 (permalink)
0
Hey guys,
 
I need to warm up this thread a little bit. 
In our company we are running a cluster of 2 Fortigate 800D running 6.0.5 with FSSO configured (preferred method of authentication) and an LDAP user authentication as a fallback solution in case the FSSO doesn't work. 
 
Now we are facing an issue similar to the thread starter's when some (randomly picked) users are authenticating against LDAP over the captive portal. The users try to access the internet, the LDAP authentication page appears, users type in their valid user credentials and press enter. Now the authentication keepalive is active and they should be able to browse the internet by opening a new tab/window. Unfortunately, doing so results in the very same authentication keepalive page opening up over and over again with every new tab. Accessing the internet isn't possible this way.

Now the solution mentioned by thende seems to be just the way to go for me, but I'm a little afraid to enter this command as I am unaware of the impact it would have. Currently we have roughly 1,900 authenticated users passing through the firewall and I'd really like to avoid kicking all of them out by entering this command ;-)
 
Long story short: What kind of impact can be expected by entering this command in total?
Since we upgraded from 5.4.10 to 5.6.9 to 6.0.5 in one day only two weeks ago and "set auth-src-mac" was disabled all the time in our previous running version 5.4.10, I don't think I would disable a very important feature. Nevertheless I'd like to know as much as possible about the expected impact on the users and the whole Fortigate cluster.
 
Really appreciate your input, thanks a lot and best regards!
#9
Alivo_ FTNT
Silver Member
  • Location: Fortinet TAC Prague
Re: Captive portal attached to an interface but after authentication browser go loop 2019/07/09 04:25:27 (permalink)
0
auth-src-mac > Source MAC check for firewall authentication as an enhancement of security. It is not compulsory.

It can cause the issues described above if the source MAC is changed after authentication. This would occur on hosts that don't have FortiGate as their gateway. I can't see any negative impact on user experience after disabling this option.

 
#10
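Added example, not part of any post above and not FortiOS code: a simplified Python model of the behaviour described in posts #7 and #10, where a user is listed as authenticated yet every request is redirected to a new /fgtauth token because the source MAC seen on later packets differs from the one recorded at login. The table layout, class and function names, and the sample IP and MAC values are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class PortalModel:
    """Toy model of a captive portal's authenticated-user table (an assumption, not FortiOS internals)."""
    auth_src_mac: bool = True                      # mirrors the `auth-src-mac` setting from the thread
    sessions: dict = field(default_factory=dict)   # src_ip -> source MAC recorded at login

    def login(self, src_ip, src_mac):
        # Successful login: the user now shows up in the "authenticated" table.
        self.sessions[src_ip] = src_mac

    def handle(self, src_ip, src_mac):
        """Return 'allow', or a redirect to the portal carrying a fresh token."""
        recorded = self.sessions.get(src_ip)
        if recorded is not None and (not self.auth_src_mac or recorded == src_mac):
            return "allow"
        # No matching entry for this (IP, MAC): send the browser back to the portal.
        return f"redirect /fgtauth?{secrets.token_hex(8)}"


def browse(portal, src_ip, login_mac, later_mac, attempts=4):
    """Log in with one source MAC, then send `attempts` requests with another."""
    portal.login(src_ip, login_mac)
    return [portal.handle(src_ip, later_mac) for _ in range(attempts)]


# Constructed sample values (not taken from the thread).
CLIENT_IP = "172.16.0.50"
MAC_AT_LOGIN = "00:11:22:33:44:55"
MAC_LATER = "66:77:88:99:aa:bb"


def demo():
    strict = browse(PortalModel(auth_src_mac=True), CLIENT_IP, MAC_AT_LOGIN, MAC_LATER)
    relaxed = browse(PortalModel(auth_src_mac=False), CLIENT_IP, MAC_AT_LOGIN, MAC_LATER)
    stable = browse(PortalModel(auth_src_mac=True), CLIENT_IP, MAC_AT_LOGIN, MAC_AT_LOGIN)
    return strict, relaxed, stable


if __name__ == "__main__":
    labels = ("check on, MAC changed", "check off, MAC changed", "check on, MAC stable")
    for label, result in zip(labels, demo()):
        print(f"{label}: {result}")
```

In this model, disabling the check means a session is matched on source IP alone, which is the trade-off behind the "enhancement of security" wording in post #10.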