I Find and fix the problem..
I would like to change to....
Go to etc\inc there are the file captiveportal.inc...
Edit the file, go to line 423 and put the rule
# redirect non-authenticated clients to captive portal
add 19904 set 1 fwd 127.0.0.1,8001 tcp from any to any 443 in
# let the responses from the captive portal web server back out
add 19905 set 1 pass tcp from any 443 to any out
Works, if you have https on the captive portal,
put port 8000 if you have http on the login portal
(lost many days to find this issue )