FortiADC Authentication policy based on IP range

Forum|Forum|4 years ago
December 10, 2021
1 reply
1507 views

Hi,

Is it possible to have an authentication profile which is always active on an Virtual Server except for one specific IP range/Subnet?

We had a rule on a Citrix Netscaler which we want to implement in a similar way on a FortiADC.

All connections to a Virtual machine must authenticate, use an Authentication profile, except for a specific IP range /Subnet they must not authenticate.

We could not find a "simple" solution for this on the FortiADC.

FortiADC

AEK

SuperUser

I think you can achieve it this way:

- Publish twice your web server (e.g.: on VS1 & on VS2)

- Enable authentication policy on VS1

- Don't enable auth policy on VS2

- Add policy on your firewall to allow only your specific IP range to access VS2

- Allow all to access VS1

AEK

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded