User Centric Policies on Fortigate

FSSO is probably the easiest way to do this. You can allow access transparently, based on the AD user or group.  See this document for a bit more details: https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/450337/fsso

Hi,

To implement user-centric policies on FortiGate using FortiClient EMS and FortiGate 4200F, you can leverage Zero Trust Network Access (ZTNA) features. Here's how you can achieve this:

1. **Zero Trust Network Access (ZTNA)**: ZTNA allows you to control network access based on user identity and device posture, rather than just IP addresses. This aligns with your requirement for user-specific access control.

2. **FortiClient EMS Integration**: Ensure that your FortiClient EMS is properly integrated with your FortiGate 4200F to manage user identities and access policies centrally.

3. **User Tagging**: Utilize user tagging in FortiClient EMS to assign specific security posture tags to users based on their roles or permissions. For example, you can tag support personnel differently from other users.

4. **Policy Configuration**: Configure firewall policies on your FortiGate 4200F that consider the security posture tags assigned to users. This way, you can control access based on user identity and device classification.

5. **Testing and Monitoring**: Test the user-centric policies to ensure they function as intended. Monitor traffic and access logs to verify that only authorized users can reach specific backend systems.

By implementing ZTNA and user-centric policies, you can enhance security and control access based on user identity, providing a more modern and granular approach to network access control.

Refer:-
https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/477578/ztna-ip-mac-based-access-control-example