CorneJvV
New Member
August 18, 2015
Question

Multiple Explicit Proxy Rules


Hello All

 

We replaced a TMG server with a FortiGate to work as an Explicit Proxy.

This FortiGate sits between two Cisco ASAs on an MPLS, and as such only port 8080 traffic is routed to the FortiGate.

 

We have three FSSO groups that need to use the FortiGate as a Proxy.

(1. YouTube access, 2. Internet Access and 3. Limited Internet access)

 

If we create three Explicit policy rules, only the top one is used.

If we create one Explicit policy rule, set the action to Authenticate and add all three FSSO groups with their various Web Filter Profiles, again only the top one is allowed.

 

For some reason, only the top one is allowed and the rest ignored.

Can the Explicit policy allow three or more rules for different FSSO groups, or can it do one policy with multiple FSSO groups using different Web Filter Profiles?

 

Regards

Corné

    2 replies

    CorneJvV (Author)
    New Member
    August 19, 2015

    It is a FortiGate 100D running on version 5.2.3.

    CorneJvV (Author)
    New Member
    August 21, 2015

    The issue we had was with the whitelisting and blacklisting of the sites between the various profiles.

    FSSO works 100% on explicit Proxy for the three groups.

     

    The only issue we have now is when a user is authenticated ("diag debug authd fsso list") and the user RDPs to a server.

    They log on to the servers with a server account; when they return to their PC's browser and try to access the web, the FSSO uses their local IP address with the server account ("diag debug authd fsso list").

     

    Example:

    Before:      172.16.30.25           User Account         Groups: Internet Access

    After RDP: 172.16.30.25           Server Account       Groups: No Internet Access
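
The remapping described in the last reply can be caught by comparing two snapshots of the FSSO logon list and flagging any IP whose mapped user changed. This is an added example, not part of the original thread and not Fortinet code; the `IP: ... User: ... Groups: ...` line layout is an assumption, and the sample snapshots are constructed from the Before/After example above.

```python
import re

# Assumed line layout of the FSSO logon list; adjust the pattern to the
# output your firmware version actually prints.
LOGON_RE = re.compile(
    r"IP:\s*(?P<ip>\S+)\s+User:\s*(?P<user>.+?)\s+Groups:\s*(?P<groups>.+?)\s*$"
)

def parse_logons(text):
    """Return {ip: (user, groups)} for every logon line in one snapshot."""
    logons = {}
    for line in text.splitlines():
        m = LOGON_RE.search(line)
        if m:  # banner and summary lines do not match and are skipped
            logons[m["ip"]] = (m["user"].strip(), m["groups"].strip())
    return logons

def remapped(before, after):
    """List IPs whose mapped user differs between two snapshots."""
    changes = []
    for ip, (old_user, old_groups) in sorted(before.items()):
        if ip not in after:
            continue  # logon expired or was removed; not a remap
        new_user, new_groups = after[ip]
        if new_user.lower() != old_user.lower():
            changes.append({
                "ip": ip, "was": old_user, "now": new_user,
                "groups_was": old_groups, "groups_now": new_groups,
            })
    return changes

# Constructed snapshots modelled on the example in the post.
BEFORE = """\
IP: 172.16.30.25  User: User Account  Groups: Internet Access
IP: 172.16.30.40  User: Other User  Groups: Limited Internet Access
"""
AFTER = """\
IP: 172.16.30.25  User: Server Account  Groups: No Internet Access
IP: 172.16.30.40  User: Other User  Groups: Limited Internet Access
"""

if __name__ == "__main__":
    for c in remapped(parse_logons(BEFORE), parse_logons(AFTER)):
        print(f"{c['ip']}: {c['was']} ({c['groups_was']}) -> "
              f"{c['now']} ({c['groups_now']})")
```
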