begasus72
New Member
March 5, 2016
Question

User Authentication policy doesn't work.


Hello,

my FGT 100D has 5.2.4 firmware version.

I tried many times to configure a User Identity Policy to prevent access from one interface to another based on a user/group rule, but I didn't receive any username and password prompt in my browser.

In older firmware it worked fine.

 

How can I solve it?

Thanks


    xsilver_FTNT
    Staff
    March 7, 2016

    Hello,

    I'd suggest using the debug flow tool or the session list to check which firewall policy was used/applied to the traffic, as it might turn out that your traffic is matching a different policy.

    Also note that the policy design changed between 5.0 and 5.2; see What's New on Docs.fortinet.com. Basically 5.2 has a built-in automatic fall-through for unauthenticated policy checks, which means all IP-based policies are checked first; then, should the traffic hit the implicit deny, a second policy check round is started, now taking user/device identity into account.

     

    Here is the KB article on the FortiOS built-in tools, extremely handy for troubleshooting traffic-flow-related issues:

    http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30038

     

    Kind regards, Tomas
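The two-pass policy lookup described in the reply above, as an added example (not Fortinet code and not posted by anyone in this thread): a small Python model of a policy table in which IP-based policies are evaluated first and identity-based policies only when the first pass ends in the implicit deny, next to the older single-pass "first match wins" order for comparison. The interface names, the client address 30.40.0.10, the second `dmz-allow` policy and the simplification to interface/address matching only (no service, schedule or NAT) are constructed for the example; the policy named MARCO only borrows its name from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Policy:
    policyid: int
    name: str
    srcintf: str
    dstintf: str
    srcaddr: str                      # CIDR, host IP, or "all"
    dstaddr: str
    action: str = "accept"
    users: frozenset = frozenset()    # non-empty -> identity-based policy

    @property
    def identity_based(self) -> bool:
        return bool(self.users)

    def matches(self, flow: "Flow") -> bool:
        # Simplified match: interfaces and addresses only (assumption for the model).
        return (self.srcintf == flow.srcintf
                and self.dstintf == flow.dstintf
                and addr_matches(self.srcaddr, flow.src)
                and addr_matches(self.dstaddr, flow.dst))


def addr_matches(addr_obj: str, ip: str) -> bool:
    if addr_obj == "all":
        return True
    return ip_address(ip) in ip_network(addr_obj, strict=False)


@dataclass(frozen=True)
class Flow:
    srcintf: str
    dstintf: str
    src: str
    dst: str


@dataclass(frozen=True)
class Verdict:
    policyid: Optional[int]   # None -> implicit deny
    action: str
    lookup_pass: int          # 1 = IP-based pass, 2 = identity pass
    auth_prompt: bool         # True when an identity policy would challenge the user


def lookup(policies: List[Policy], flow: Flow) -> Verdict:
    """5.2-style lookup as described in the reply: pass 1 ignores identity-based
    policies entirely; pass 2 runs only if pass 1 fell through to the implicit deny."""
    for p in policies:                       # pass 1: IP-based policies, in table order
        if not p.identity_based and p.matches(flow):
            return Verdict(p.policyid, p.action, 1, auth_prompt=False)
    for p in policies:                       # pass 2: identity-based policies
        if p.identity_based and p.matches(flow):
            return Verdict(p.policyid, p.action, 2, auth_prompt=True)
    return Verdict(None, "deny", 2, auth_prompt=False)   # implicit deny


def legacy_lookup(policies: List[Policy], flow: Flow) -> Verdict:
    """Single-pass lookup: the first matching policy in table order wins,
    identity-based or not, so an identity policy listed first prompts."""
    for p in policies:
        if p.matches(flow):
            return Verdict(p.policyid, p.action, 1, auth_prompt=p.identity_based)
    return Verdict(None, "deny", 1, auth_prompt=False)


# Constructed sample policy table. MARCO is identity-based; dmz-allow is a
# hypothetical plain IP-based rule for the same flow, placed BELOW it.
MARCO = Policy(1, "MARCO", "wan", "dmz", "all", "40.40.40.40/32",
               users=frozenset({"marco"}))
BROAD = Policy(2, "dmz-allow", "wan", "dmz", "all", "40.40.40.40/32")
CLIENT = Flow("wan", "dmz", "30.40.0.10", "40.40.40.40")   # constructed client


def with_shadowing_ip_policy() -> Verdict:
    """Two-pass lookup: the IP-based policy wins in pass 1 even though it is listed second."""
    return lookup([MARCO, BROAD], CLIENT)


def with_shadowing_ip_policy_legacy() -> Verdict:
    """Same table, single-pass order: MARCO wins and the user is prompted."""
    return legacy_lookup([MARCO, BROAD], CLIENT)


def identity_policy_only() -> Verdict:
    """Two-pass lookup with no IP-based policy for the flow: MARCO is reached in pass 2."""
    return lookup([MARCO], CLIENT)


if __name__ == "__main__":
    for label, v in [("5.2 two-pass, IP policy below MARCO", with_shadowing_ip_policy()),
                     ("single pass, same table", with_shadowing_ip_policy_legacy()),
                     ("5.2 two-pass, MARCO alone", identity_policy_only())]:
        print(f"{label}: policy={v.policyid} action={v.action} "
              f"pass={v.lookup_pass} auth_prompt={v.auth_prompt}")
```

The point the model makes: with any plain IP-based accept policy in the table for the same flow, the identity-based policy is never reached in pass 1, so no authentication prompt appears regardless of which policy is listed first. On the unit itself, `diagnose debug flow` with an address filter on the server (as the reply suggests) shows which policy ID the real lookup selected.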

    begasus72 (Author)
    New Member
    March 8, 2016

    Thanks xsilver for your reply.

    I'll try to give more details:

    I configured a single policy (MARCO), in a VDOM, that permits traffic from interface WAN (subinterface IP 30.40.0.2) with source any-IP and user marco-USER to an interface with destination my server 40.40.40.40.

    If I try to reach my server, the policy is matched (I see it in the log), but the browser URL is changed to the IP 30.40.0.2 and then I get a blank page, without it asking me for any authentication popup. No other policy is matched.

    If I just remove user marco, I can access my server.

    My FGT  has firmware v5.4.0,build1011.

    sorry