Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Clearpass and Meru/Fortinet WLC - Redirect Issue

  • 1.  Clearpass and Meru/Fortinet WLC - Redirect Issue

    Posted Aug 03, 2018 06:13 AM

    Hi all

     

    I have configured a Meru 3200 WLC as per the Clearpass-Meru PDF document that was written by Danny Jump. After completing the config, I can connect to the Meru splash page and can see that my browser is attempting to connect me to clearpass; however, I then get a redirect loop where the browser tries to take me back to the meru, which then redirects me back to clearpass ad infinitum.

     

    I've seen this sort of thing happen many times on Aruba and it is because the firewall rules are broken. I've tried a few changes on the firewall rules on the meru but all that seems to have done is break the captive portal completely.

     

    Anyone have any ideas? The Meru is running v8.4-1build-1 which is slightly different to the version in Danny's document which could be the issue.



  • 2.  RE: Clearpass and Meru/Fortinet WLC - Redirect Issue

    Posted Aug 03, 2018 08:03 AM

    Not familiar with Meru but redirect loops usually indicate that you did not except (whitelist) http/https traffic to clearpass from the rules redirecting traffic to the portal.



  • 3.  RE: Clearpass and Meru/Fortinet WLC - Redirect Issue

    Posted Sep 07, 2018 12:26 PM

    Having a similar issue after upgrading to 8.4-1build-1 code. Was this resolved?



  • 4.  RE: Clearpass and Meru/Fortinet WLC - Redirect Issue
    Best Answer

    Posted Sep 08, 2018 06:55 AM

    Yes, I got it working eventually. The port number I was using was incorrect on the clearpass submit URL field. It should be:

     

    http://<clearpass_IP_or_URL>:8082/vpn/loginUser

     

    I need to create a guide for a customer and when I do, I'll share it here.
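
A way to see which hop repeats in a redirect loop like the one in this thread, as an added example that is not part of the original posts or of any vendor guide. The host names and paths in the sample are constructed placeholders, and `endpoint`, `fetch_once` and `trace_redirects` are names chosen here.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}

def endpoint(url):
    """Identity of a hop: query strings change per attempt, host/port/path do not."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port, p.path or "/")

def fetch_once(url, timeout=5):
    """One GET with redirects NOT followed; returns (status, Location header)."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=timeout)
    try:
        conn.request("GET", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(start_url, fetch=fetch_once, max_hops=10):
    """Walk the redirect chain hop by hop and flag a revisit of any endpoint."""
    chain, seen, url = [], set(), start_url
    for _ in range(max_hops):
        seen.add(endpoint(url))
        status, location = fetch(url)
        chain.append((url, status))
        if status not in REDIRECT_CODES or not location:
            return {"chain": chain, "loop": False, "repeats": None}
        url = urljoin(url, location)
        if endpoint(url) in seen:
            return {"chain": chain, "loop": True, "repeats": url}
    # Hop limit reached without revisiting an endpoint.
    return {"chain": chain, "loop": False, "repeats": None}

# Constructed sample responses (hypothetical hosts and paths): the controller
# sends the client to ClearPass, and ClearPass sends it straight back.
SAMPLE = {
    ("http", "wlc.example", None, "/portal"): (302, "http://clearpass.example/guest/login.php?t=1"),
    ("http", "clearpass.example", None, "/guest/login.php"): (302, "http://wlc.example/portal?t=2"),
}

def sample_fetch(url):
    return SAMPLE.get(endpoint(url), (200, None))

if __name__ == "__main__":
    for hop in trace_redirects("http://wlc.example/portal", fetch=sample_fetch)["chain"]:
        print(hop)
```

Run against a real portal from a test client by calling `trace_redirects(url)` with the default `fetch_once`; the last entry in `chain` is the hop that sends the client back to an endpoint it has already visited.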



  • 5.  RE: Clearpass and Meru/Fortinet WLC - Redirect Issue

    Posted Sep 12, 2018 05:04 AM

    Hi guys,

    I've a similar problem with a CP 6.7 and FortiWLC 8.4.1 build 1 (Meru).

    The procedure written on the document doesn't work for me with the specified versions of CP and FortiWLC.

     

    When I try to set up on the FortiWLC the internal Captive portal with the customized pages, specified on the PDF, I get a redirect loop.

     

    I had to set up the FortiWLC with an external captive portal.

    The redirection to CPass Guest works fine.

     

    Also the authentication works fine when the Clearpass calls back the FortiWLC after the user registration with the submit URL http://<FortiWLC_IP_or_URL>:8082/vpn/loginUser

     

    The real problem is that the client seems to be stuck on a FortiWLC blank page after the authentication (http://FortiWLC:8082/vpn/loginUser).

     

    It's similar to the problem described on this page:

    https://community.arubanetworks.com/t5/Security/Meru-ClearPass-Guest/td-p/184950

     

    I would like to pass a fixed URL to the FortiWLC to redirect the client after authentication.

    I've tried to force the url on the HTTP POST url, and with the CPass forcing but it doesn't work (or I cannot find the right variable)

     

    On the FortiWLC there is no way to force a redirection URL after authentication.

     

    Do you have any suggestions?

    dave_m have you found a solution to the problem?

     

    Thanks

     



  • 6.  RE: Clearpass and Meru/Fortinet WLC - Redirect Issue

    Posted Oct 18, 2018 09:57 AM

    Dave_M, please let us know if you have created the guide. Thank you!



  • 7.  RE: Clearpass and Meru/Fortinet WLC - Redirect Issue

    Posted Mar 21, 2019 05:14 AM

    I can't find either the guide by Danny Jump or any other clearp config for this. Dave, did you create a guide? Or can you direct me to one? Greatly appreciate it :)



  • 8.  RE: Clearpass and Meru/Fortinet WLC - Redirect Issue

    Posted Jul 16, 2021 08:21 AM
    Did you find this document?

    I'm trying to fix a site with Fortinet WLC-500D Controllers. This was working with their version 8.1. It's now on 8.5 and does not work (though I get the impression various people have been fiddling with it - no one is admitting it).

    In the original setup, when the original MAC-Auth for an unknown device came in ClearPass would respond with:
    The Controller would then assign the web-redirect to ClearPass for that MAC address. At which point the user would login against the captive portal...
    Once the device is registered, subsequent MAC-Auth ClearPass would send:
    This is now not working.

    Has anyone got screenshots of the Fortinet WLC key configuration components of a working environment?

    ------------------------------
    Derin Mellor
    ------------------------------