What is required so that I can use "users" in policy rules?

Forum|Forum|4 years ago
August 27, 2021
1 reply
2388 views

Hi everyone,

I just need a quick refresher on what is required for me to be able to use a user in a firewall policy.

We have a few finance systems that we need to lock down to only 2 users that can access from SSL VPN.

We already use a RADIUS server for the SSL VPN - I would like to create a new rule that allow access from SSL VPN to the 2 fianance systems if the user is "USER1 or USER2"

lobstercreed

New Member

You either need to find a way to send a different group attribute from RADIUS and use that, or you define the users as actual remote (RADIUS) users on the firewall and use those. I've done a combination of the two depending on the situation.

Just know that this all goes in the crapper if you're wanting to move to SAML. Fortinet needs to get their head out of their derrière and see how people actually do user/group matching to make this work right...I'd love to move to SAML login for VPN.

M_M_SW

New Member

if using ssl-vpn

you can add on fortitoken

fortigate have two free licence

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded