Skip to main content

Search

How can we help ?

Fortigate - Enable HTTPS Redirection to avoid web-browser warning

Alexandre de THOMASSON
  • Updated

Describes how to install a custom Certificate SSL on your FortiGate firewall to avoid HTTPS warnings

                                                            

Note: Your Cloudi-FI Guest SSID/Subnet should already be configured to apply the following procedure.

If you haven’t configured your Cloudi-FI Guest SSID yet, please follow this article: FortiGate integration.

1) Install the public certificate

Go to User & Devices Authentication Settings Certificate Create :

  • Add the certificate file

  • Add the private key file

  • Provide a password to protect your certificate

  • Provide a Name for this object

Then select this certificate and click Apply.

 

2) Enable HTTPS Redirection

Connect to the Fortigate GUI

Open the CLI console and run the following commands:

config user setting
   set auth-secure-http enable
   set auth-cert "guest.poc.cloudi-fi.net"
end

 

3) Configure an FQDN for your FortiGate

Configure an FQDN for your FortiGate:

 

This will result in the guest user being redirected to this FQDN instead of the Fortigate IP Address.

This also implies that you must provide/purchase a public certificate for this FQDN to avoid a certificate warning on the guest’s device.

 

Finally, the Cloudi-Fi Support team can provide you with a Cloudi-Fi certificate to make it easier.

This certificate should be renewed every year after the certificate expiration.

Always from the CLI Console, run the following commands:

config firewall auth-portal
    set portal-addr "guest.poc.cloudi-fi.net"
end

 

Note that guest.poc.cloudi-fi.net is a domain name owned by Cloudi-Fi. You could use this FQDN if you use the Cloudi-Fi public certificate.

If you prefer to use your domain and certificate, replace them with your domain.

4) Local DNS Record

Go to Network DNS Servers to configure the DNS database server with static DNS entries:

You may need to activate the feature in:
System - Feature Visibility - Additional Features - DNS Database.

Create DNS Service on Interface, where the guest users will be connecting, with Recursive as the mode:

Fortigate interface : Configure DNS Service with recursive mode

Next, create a DNS Database:

Fortigate console: Static DNS Entry

And within this DNS database, create the DNS static entry as shown below:

 

Save the settings in DNS; the next step is to edit your DHCP configuration on the Guest interface. You can choose between the IP address of your interface:

Fortigate admin: Edit DHCP server configuration

Or Specify a public IP address

5) Results

The users behind this Guest SSID will get IP from this DHCP range and will be able to resolve the static DNS entry (guest.poc.cloudi-fi.net) in the DNS database as below:

 

You can visit our Fortinet partner page here for more information about our solutions

More details about Cloudi-Fi Captive portal solutions

More details about Cloud-Fi SD Wan Solutions