Security

Reply
Occasional Contributor I

Clearpass and Meru/Fortinet WLC - Redirect Issue

Hi all

 

I have configured a Meru 3200 WLC as per the Clearpass-Meru PDF document that was written by Danny Jump. After completing the config, I can connect to the Meru splash page and can see that my browser is attempting to connect me to clearpass however I then get a redirect loop where the browser tries to take me back the meru, which then redirects me back to clearpass ad infinitum. 

 

I've seen this sort of thing happen many times on Aruba and it is because the firewall rules are broken. I've tried a few changes on the firewall rules on the meru but all that seems to have done is break the captive portal completely.

 

Anyone have any ideas? The Meru is running v8.4-1build-1 which is slightly different to the version in Danny's document which could be the issue.

MVP

Re: Clearpass and Meru/Fortinet WLC - Redirect Issue

Not familiar with Meru but redirect loops usualy indicate that you did not except (whitelist) http/https traffic to clearpass from the rules redirecting traffic to the portal.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Aruba Employee

Re: Clearpass and Meru/Fortinet WLC - Redirect Issue

Having a similar issue after upgrading to 8.4-1build-1 code. Was this resolved?

Occasional Contributor I

Re: Clearpass and Meru/Fortinet WLC - Redirect Issue

Yes, I got it working eventually. The port number I was using was incorrect on the clearpass submit URL field. It should be:

 

http://<clearpass_IP_or_URL>:8082/vpn/loginUser

 

I need to create a guide for a customer and when I do, I'll share it here.

New Contributor

Re: Clearpass and Meru/Fortinet WLC - Redirect Issue

Hi guys,

I've similar problem with a CP 6.7 and FortiWLC 8.4.1 build 1 (Meru).

The procedure written on the document doesn't work for me with the specified versions of CP and FortiWLC.

 

When I try to setup ont the FortiWLC the internal Captive portal with the customized pages, specified on the PDF, I get a redirect loop.

 

I had to setup the FortiWLC with an external captive portal.

The redirection to CPass Guest works fine.

 

Also the authentication works fine when the Clearpass call back the FortiWLC after the user registration with the submit URL http://<FortiWLC_IP_or_URL>:8082/vpn/loginUser

 

The real problem is that the client seems to stuck on a FortiWLC blank page after the authentication (http://FortiWLC:8082/vpn/loginUser).

 

It' similar to the problem decribed on this page:

https://community.arubanetworks.com/t5/Security/Meru-ClearPass-Guest/td-p/184950

 

I would like to pass a fixed URL to the FortiWLC to redirect the client after authentication.

I've tryed to force the url on the HTTP POST url, and with the CPass forcing but it doesn't work (or I cannot find the right variable)

 

On the FortiWLC there is no way to force a rediretion URL after authentication.

 

Do you have any suggestions?

dave_m have you find a solution to the problem?

 

Thanks

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: