imran
New Member
July 13, 2016
Question

User Authentication on Fortinet


I am using a FortiGate 1000C and I have users on the network who browse the internet after successful authentication. But the problem is that another user can also use some other user's password to browse the internet. I want to have the user session at only one workstation on the network. If someone else uses the same credentials, they shouldn't be able to log in.

 

 

1 reply

emnoc
New Member
July 13, 2016

So how does another user gain the other user's credentials? A user's credentials should be unique to that specific user and not shared. I don't think user-based policy will control that specific level in a dynamic address topology.

 

imran
Author
New Member
July 13, 2016

The other user can't gain. Actually, we have applied different policies on different groups. Some users share their username/passwords with their so the other one can access the websites/applications. We want the user to be active at only one workstation rather than it'll have sessions on different 

xsilver_FTNT
Staff
August 8, 2016

Hello,

I'm sorry, but that seems to me like bad security design in the first place.

However, some hints on that topic:

- what about using per-source-IP based policies, so that authentication is required for a specific user group and selected workstations based on their IP addresses? Hope that you at least enforce and have control over IP addressing or DHCP, so you know, can predict and enforce per-source-IP policies?

- or what about FSSO + a local user with the Workstation parameter set, so FSSO should be allowed for that user just from his workstation name?

 

There are definitely some ways, but in general I would NOT recommend sharing accounts in any way. If you wanna share/allow access through identity-based policy for more users, then simply put them into an allowed group. This way you can change the allowed users at any time just by changing the members of the group.

 

Hope it helped a bit.

Tomas
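An added example, not part of the thread and not Fortinet code: a small audit that flags the credential sharing described above by checking authentication events against a per-user workstation IP assignment, as the per-source-IP suggestion implies. The log lines, their simplified key=value format, the action names, and the `ASSIGNED_IP` mapping are constructed assumptions, not real FortiGate output.

```python
import re
from collections import defaultdict

# Constructed sample events (simplified key=value lines, not real FortiGate output).
SAMPLE_LOG = """\
time=09:00:05 user="alice" srcip=10.1.1.10 action=auth-logon
time=09:02:11 user="bob" srcip=10.1.1.20 action=auth-logon
time=09:15:40 user="alice" srcip=10.1.1.35 action=auth-logon
time=09:30:00 user="bob" srcip=10.1.1.20 action=auth-logout
time=09:31:12 user="bob" srcip=10.1.1.20 action=auth-logon
time=09:40:00 user="alice" srcip=10.1.1.10 action=auth-logout
"""

# Hypothetical user -> workstation IP assignment (what a per-source-IP policy encodes).
ASSIGNED_IP = {"alice": "10.1.1.10", "bob": "10.1.1.20"}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}


def audit(log_text, assigned):
    """Return (time, user, srcip, reason) for logons that suggest shared credentials."""
    active = defaultdict(set)  # user -> source IPs with an open session
    findings = []
    for line in log_text.splitlines():
        event = parse(line)
        if not {"time", "user", "srcip", "action"} <= event.keys():
            continue  # skip blank or malformed lines
        user, ip, action = event["user"], event["srcip"], event["action"]
        if action == "auth-logout":
            active[user].discard(ip)
        elif action == "auth-logon":
            if assigned.get(user) != ip:
                findings.append((event["time"], user, ip, "unassigned-workstation"))
            if active[user] - {ip}:
                findings.append((event["time"], user, ip, "concurrent-session"))
            active[user].add(ip)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ASSIGNED_IP):
        print(finding)
```
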