FortiGate
Dongfang_Li_FTNT
Article Id 285885
Description

This article describes how to limit ChatGPT access to a user group.

Scope

FortiGate, all firmware.
Solution

A company may wish to only allow certain users to access ChatGPT and block other users.

 

ChatGPT (FQDN 'chat.openai.com') is under the web filter category 'General Interest – Business' and the sub-category 'Information Technology'. When the firewall administrator sets the action 'Authenticate' for the sub-category 'Information Technology', every website in this sub-category requires user authentication before the user is allowed to access it. This article explains how to force user authentication only for ChatGPT and not for other websites.

This article explains how to allow only an authenticated user group to access ChatGPT. The configuration will not affect the other websites.

Both the Web Filter profile and the firewall policy should be in proxy-based inspection mode.

 

  1. Create a local custom category. In this example, it will be named 'Custom-ChatGPT'.
    Follow the steps in the administration guide.

  2. Create a Web Filter override for the FQDN 'chat.openai.com' to the sub-category 'Custom-ChatGPT'.
    Navigate to the FortiGate GUI -> Security Profile -> Web Rating Overrides -> Create New -> Enter 'chat.openai.com' -> Lookup rating -> under 'Override to', choose 'Custom Categories' as the category, and choose 'Custom-ChatGPT' as the sub-category.

  3. Set the 'authenticate' action in the sub-category 'Custom-ChatGPT' in the Web Filter profile.
    Navigate to the FortiGate GUI -> Security Profile -> Web Filter -> edit the profile -> under 'FortiGuard Category Based Filter', find 'Local categories'. Select 'Custom-ChatGPT' in the sub-category list and right-click on it, then choose 'Authenticate'. A popup window will appear asking for the authentication period and user group. Fill in the form and select the user group, then select OK. The sub-category status will change to 'Authenticate'.

  4. The user group can be a firewall local user group or an LDAP user group.

  5. Enable the Web Filter profile in the firewall policy.
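
The same five steps expressed as FortiOS CLI, as an added example that is not part of the original article. The category ID 140, the profile name 'wf-chatgpt-auth', the user group 'ChatGPT-Users' and the policy ID 10 are assumptions; option names can vary between firmware versions, so check them against the CLI reference for the release in use.

```fortios
# Step 1: local custom category (140 is an assumed free local category ID)
config webfilter ftgd-local-cat
    edit "Custom-ChatGPT"
        set id 140
    next
end

# Step 2: rating override that moves the FQDN into the custom category
config webfilter ftgd-local-rating
    edit "chat.openai.com"
        set rating 140
    next
end

# Steps 3 and 4: 'authenticate' action on the custom category only,
# bound to the user group (assumed name) that is allowed through
config webfilter profile
    edit "wf-chatgpt-auth"
        set feature-set proxy
        config ftgd-wf
            config filters
                edit 1
                    set category 140
                    set action authenticate
                    set auth-usr-grp "ChatGPT-Users"
                next
            end
        end
    next
end

# Step 5: attach the profile to an existing proxy-mode policy (assumed ID 10)
config firewall policy
    edit 10
        set inspection-mode proxy
        set utm-status enable
        set webfilter-profile "wf-chatgpt-auth"
    next
end
```

Because the 'Information Technology' sub-category itself is left untouched in the profile, only requests rated into 'Custom-ChatGPT' trigger the authentication prompt.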

 

Related article:
Web rating override - FortiGate administration guide.