Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
guptas
Staff
Staff

Created on ‎05-18-2021 10:37 PM Edited on ‎12-11-2023 03:07 AM By Moderator

Article Id 198738

Technical Tip: Unable to open websites in first attempt after user authentication / captive portal authentication loop

Description

 

This article describes the cause of Multiple 'HTTP' redirections when local authentication is enabled.
The user will face an auth loop issue if the user's machine is behind a router and after multiple tries user might be able to load the websites or the user will keep getting the auth page.

 

From version 5.6.4 and above, 'auth-src-mac' option is enabled in user settings by default.

Solution

 

This issue usually occurs when the captive portal authentication is enabled. By default, FortiGate will also check on the mac address of the client trying to authenticate and if the client is behind a router before reaching the firewall we will see the loop behavior.



MicrosoftTeams-image (13).png

 


This error could also be due to DNS resolution as well.

The commands to disable 'auth-src-mac' were added from the 6.0.2 version to resolve the issue.

 

config user setting
    set auth-src-mac disable
end

1381
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.