Captive portal not in the Gateway

  • Hi all,

    I newbie captive portal and I would like to have some opinion and suggestion. The scenario that I'm working on is as follow :

    The organization has Fortigate Firewall as the gateway of the entire network. Due to some circumstance, we have created 1 pfsense server to handle DHCP and captive portal. The idea is because pfsense can do DCHP MAC address mapping while Fortigate cannot. However, all traffic will flow through Fortigate firewall as the gateway to go to internet.

    The question is, how I'm going to redirect user access on browser to the captive portal in pfsense while pfsense is not the gateway; then after authentication in pfsense will redirect back to Fortigate for continuing browsing ?

    P/S : I know this question quite ridiculous.

  • I think this is not possible.

    If pfsense is not the gateway for your clients your clients will not send any traffic to pfsense but just bypass pfsense and send it to fortigate.

    Not sure if it is working with on NIC on pfsense but if pfsense is your DHCP then the clients should use pfsense as the gateway.
    Allow all ports in the firewall for the clients and then the clients do hagve full access through pfsense but need to authenticate on CP.
    After that pfsense will route all traffic to the fortigate firewall/router.

    You can disable NAT on pfsense so that there is just routing.

    Another possibility could be that you try to run pfsense in bridge mode. So no routing and no NAT on pfsense.
    pfsense is just another "client" on the LAN. But the gateway still needs to be pfsense and pfsense will redirect it to fortigate.

Log in to reply