Scenario Analysis:
The wireless client is redirected to a captive portal for authentication.
The authentication settings (see second exhibit) show:
The browser is reporting a certificate validation error when the redirection to the captive portal occurs.
Certificate Validation and Captive Portals:
When FQDN is used for captive portal redirection, the browser expects the SSL certificate to be valid for that FQDN (e.g., “captive.company.com”), i.e. the name must appear in the certificate and the certificate must chain to a CA the browser trusts.
If the certificate is self-signed or does not match the FQDN (common when using the Fortinet factory default certificate), the browser will trigger a certificate error.
This is a common issue when FQDN-based portals are used without a publicly trusted certificate matching the FQDN.
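The two checks a browser applies to the portal redirect, as an added example that is not part of the original page or of any Fortinet code: it implements the dNSName matching rules of RFC 6125 (case-insensitive labels, a wildcard only as the whole leftmost label, never spanning more than one label) together with a separate trust flag, so the two distinct failure modes in this scenario, the redirect FQDN not being in the certificate and the issuer not being trusted, can be told apart. The certificates and hostnames below are constructed for the example; the real FortiGate factory certificate's subject differs per unit.

```python
"""Browser-style name and trust check for a captive-portal certificate.

Added example, not code from the page or from Fortinet. Sample data is
constructed; names such as captive.company.com are placeholders.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class PresentedCert:
    subject_cn: str
    dns_sans: list = field(default_factory=list)   # dNSName SAN entries
    ip_sans: list = field(default_factory=list)    # iPAddress SAN entries
    issuer_trusted: bool = False                   # chains to a CA the browser trusts


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName entry against a hostname, RFC 6125 section 6.4.3 style."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard must be the entire leftmost label, must leave at least two
    # labels to its right (so "*.com" is rejected), and may not appear elsewhere.
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False
    # A wildcard covers exactly one label: a.b.company.com is not *.company.com
    if len(h_labels) != len(p_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def _is_ip_literal(host: str) -> bool:
    try:
        ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def validate_portal_cert(redirect_host: str, cert: PresentedCert) -> list:
    """Return the validation errors a browser would raise for the redirect.

    redirect_host is the host part of the URL the client is sent to (FQDN or
    IP literal). An empty list means the portal loads without a warning.
    """
    errors = []
    if _is_ip_literal(redirect_host):
        # An IP-literal URL is compared only against iPAddress SAN entries.
        ip = ip_address(redirect_host.strip("[]"))
        if not any(ip_address(s) == ip for s in cert.ip_sans):
            errors.append("name mismatch: IP %s not in iPAddress SAN" % ip)
    else:
        # Modern browsers match the hostname against dNSName SANs only; a CN
        # without a matching SAN (as on a device factory cert) does not count.
        if not any(_dns_name_matches(n, redirect_host) for n in cert.dns_sans):
            errors.append("name mismatch: %s not covered by SAN %s"
                          % (redirect_host, cert.dns_sans))
    if not cert.issuer_trusted:
        errors.append("untrusted issuer: chain does not end at a trusted CA")
    return errors


# Constructed sample certificates (placeholders, not real Fortinet data).
FACTORY_CERT = PresentedCert(subject_cn="FortiGate-factory-placeholder",
                             issuer_trusted=False)
PUBLIC_CERT = PresentedCert(subject_cn="captive.company.com",
                            dns_sans=["captive.company.com"], issuer_trusted=True)
WILDCARD_CERT = PresentedCert(subject_cn="*.company.com",
                              dns_sans=["*.company.com"], issuer_trusted=True)

if __name__ == "__main__":
    for host, cert in [("captive.company.com", FACTORY_CERT),
                       ("captive.company.com", PUBLIC_CERT),
                       ("portal.guest.company.com", WILDCARD_CERT),
                       ("10.0.0.1", PUBLIC_CERT)]:
        print(host, cert.subject_cn, validate_portal_cert(host, cert) or "OK")
```

Running it shows the factory certificate failing both checks for the FQDN redirect, the publicly trusted certificate passing, the wildcard certificate failing only when the redirect name has an extra label, and a trusted FQDN certificate still failing when the redirect uses the IP address instead, which is why the redirect host and the certificate's SAN entries have to be chosen together.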
Option Analysis:
A. The FortiGate IP address in the POST parameters is using a numerical IP address
B. The external server address is not the FQDN address
C. The used credential is not embedded in the captive portal parameters
D. The captive portal setting in the authentication setting is set to use FQDN as the captive portal type
Correct. With the captive portal type set to FQDN, the client is redirected to the portal by name, so the browser requires a certificate that covers that FQDN and chains to a CA it trusts. The FortiGate factory certificate satisfies neither requirement: its subject does not match the FQDN, and it is not issued by a publicly trusted CA, so clients see a certificate validation error.
Summary:
Certificate validation fails because the captive portal is accessed via FQDN, but the FortiGate presents its self-signed factory certificate, which does not match the FQDN or is not trusted by browsers.