bfakhriddi
New Member
July 12, 2021
Question

AD FSSO with fortinet question

  • July 12, 2021
  • 2 replies
  • 2109 views

We have AD FSSO with a Fortinet-200E, and groups are retrieved from Active Directory. I am an admin with some roles assigned to my account in AD, and based on that the Fortinet selects a policy and then a web filter and app filter. I have to test some app filters and created a policy for my IP only, trying to avoid the AD rules, but so far I can't. So, is it possible to create a policy with web and app filters so it will not read what is assigned in AD roles?

    2 replies

    mle2802
    Staff
    September 16, 2023

    Hi @bfakhriddi,

    Please correct me if I am wrong, but are you looking to exclude an IP from FSSO to do some web and app filters? If yes, then you can refer to this document on excluding an IP from FSSO logon events: "https://community.fortinet.com/t5/FortiGate/Technical-Tip-Excluding-IP-addresses-from-FSSO-logon-events/ta-p/196270"

    Regards,
    Minh

    Contributor
    September 17, 2023

    In this case, you might need to add a rule that includes only your IP address. It is possible to create this by following these steps:


    - Create an Address object using your IP Address (e.g. 192.168.1.1/32).

    - Create a policy using that object as the source only, without selecting any user or user group.

    - In the firewall policy view, make sure you select the "By sequence" view and place the new policy on top.


    If this doesn't work, go to Dashboard > FortiView Sessions, add a "Source IP" filter using your IP, end all the sessions and try again. It is important to clear the sessions so that new traffic can match the newly created policy.


    Good luck.
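The steps in the reply above, expressed as FortiOS CLI, as an added example that is not part of the original post or of Fortinet's documentation. The interface names ("internal", "wan1"), the test host 192.168.1.1, the policy ID 42, and the profile names "test-webfilter" and "test-appctrl" are assumptions; replace them with the values on your unit. The point of the policy is that it selects on source address only and carries no user or group, so the FortiGate matches it by IP before it ever reaches the FSSO group policies below it.

```fortios
# Added example (not from the original post). Assumed names: LAN interface "internal",
# WAN interface "wan1", test host 192.168.1.1, existing web filter profile "test-webfilter"
# and application control profile "test-appctrl".

# 1. Address object for the test host only (a /32 host).
config firewall address
    edit "test-host-192.168.1.1"
        set subnet 192.168.1.1 255.255.255.255
    next
end

# 2. Policy keyed on source IP only. No "set users"/"set groups" line, so FSSO identity
#    is not consulted for this match. "edit 0" makes the FortiGate assign the next free
#    policy ID; note the ID it reports (assumed to be 42 below).
config firewall policy
    edit 0
        set name "test-appctrl-from-my-ip"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "test-host-192.168.1.1"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "test-webfilter"
        set application-list "test-appctrl"
        set logtraffic all
    next
end

# 3. Put the new policy first in the sequence so it is evaluated before the FSSO
#    group-based policies. Replace 42 with the ID assigned above and 1 with the ID
#    of the policy currently at the top of the list.
config firewall policy
    move 42 before 1
end

# 4. Clear the test host's existing sessions; established sessions keep the policy
#    they were created under, so only new traffic will hit policy 42.
diagnose sys session filter clear
diagnose sys session filter src 192.168.1.1
diagnose sys session clear

# 5. Verify: generate some traffic from the test host, then confirm the sessions show
#    "policy_id=42" (with the same filter still set).
diagnose sys session list
```

Once the app control test is done, delete the test policy (or disable it with `set status disable` under `config firewall policy`): while it is at the top it bypasses the group-based web and app filtering for that IP, and if another user later gets that address via DHCP they inherit the test profile instead of their own AD-based policy.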