Free Preparation Discussions
MENU
Fortinet FCSS_LED_AR-7.6 Exam - Topic 2 Question 7 Discussion
Topic #: 2
A conference center wireless network provides guest access through a captive portal, allowing unregistered users to self-register and connect to the network. The IT team has been tasked with updating the existing configuration to enforce captive portal authentication over a secure HTTPS connection. Which two steps should the administrator take to implement this change? (Choose two.)
Goal: enforce captive portal authentication overHTTPSfor guests.
On FortiGate/FortiAuthenticator captive portal setups:
HTTP redirectis used so that when a guest browses to any HTTP site, their request is redirected to theportal URL.
Theportal URLitself must beHTTPSif you want a secure login page.
FortiOS captive portal and firewall authentication guidelines recommend:
EnablingHTTP redirectso unauthenticated HTTP traffic is transparently sent to the portal.
Configuring theportal URL with HTTPS, often referencing a certificate on FortiGate or FortiAuthenticator.
Therefore:
A . Enable HTTP redirect in the user authentication settings.This ensures unauthenticated HTTP requests are redirected to the (now HTTPS) portal.
D . Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator.This makes the login itself secure (TLS-protected).
Incorrect:
B-- You don't need a new SSID; the same SSID can use HTTPS portal.
C-- Disabling HTTP admin access on the SSID doesn't control the captive portal scheme; HTTPS enforcement is done by the portal configuration and redirect, not by admin-access flags.
Currently there are no comments in this discussion, be the first to comment!