DescriptionThis article explains how to enable captive portal exempt for a specific destination address.
SolutionWhen using captive portal authentication with WiFi SSID, the "captive-portal-exempt" setting in a firewall policy can be used to exempt captive portal authentication for specific destination addresses.Configuration CLI
config firewall policy
edit
set captive-portal-exempt enable
next
end
Example
The following configuration example explains how to exempt captive portal authentication for cnn.com for wireless users connected to Wifi_SSID.
Step 1) Create an address object for the cnn.com
config firewall address
edit "cnn.com"
set type fqdn
set fqdn "cnn.com"
next
end
Step 2) Create a firewall policy from the SSID interface to External with destination set to cnn.com and enable captive portal exempt.
config firewall policy
edit
set srcintf "Wifi_SSID"
set dstintf "WAN1"
set srcaddr "all"
set dstaddr "cnn.com"
set action accept
set schedule "always"
set service "ALL"
set captive-portal-exempt enable
set nat enable
next
end
The related KB article explains how to enable captive portal exempt for specific source addresses.
Related Articles
Technical Tip: Captive Portal Exempt list
