Certificate redirect authentication
Under User & Device > Authentication > Settings, select Redirect HTTP Challenge to a Secure Channel (HTTPS). This forces users to use secure connections to send their authentication information.
The following steps happen during a redirect:
1. User tries to access the Internet and the HTTP traffic hits the FortiGate security policy with authentication and HTTPS redirect enabled.
2. The FortiGate redirects the user with the HTTPS port and IP address of the interface connected to the user, such as internal.
3. User authenticates over the HTTPS connection as with normal authentication.
4. On successful authentication, the FortiGate provides access to the Internet as originally requested.