Created on 12-19-2022 06:52 AM Edited on 12-19-2022 06:53 AM
Description | This article explains how to configure user-based policies for LAN users within FortiGate. |
Scope | FortiGate. |
Solution |
This article assumes an example configuration, where the WAN IP is 41.1.12.112/32 and the Internal IP is 172.16.3.0/24.
Create Users
First, create the necessary users to assign bandwidth caps to. Local, LDAP and RADIUS users can be used.
Create Firewall Policy
1) Create a policy with users and groups in the source with 'all' selected for the address.
2) Provide internet or internal server traffic as the destination, as required.
3) Configure the policy to be proxy-based.
4) Apply security profiles.
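The user and policy steps above, expressed as FortiOS CLI. This is an added example, not taken from the original article: the user name, group name, policy name, interface names ("internal", "wan1") and the chosen security profiles are assumptions, and <password> is a placeholder.

```fortios
# Added example. All names, interfaces and profiles are assumptions.

# Hypothetical local user; <password> is a placeholder.
config user local
    edit "lan-user1"
        set type password
        set passwd <password>
    next
end

# Hypothetical group that the policy references.
config user group
    edit "LAN-Users"
        set member "lan-user1"
    next
end

# Identity-based, proxy-mode policy from the LAN to the internet.
# "edit 0" lets FortiOS pick the next free policy ID.
config firewall policy
    edit 0
        set name "LAN-Users-to-Internet"
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set groups "LAN-Users"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set utm-status enable
        set ssl-ssl-profile "certificate-inspection"
        set av-profile "default"
        set webfilter-profile "default"
        set logtraffic all
        set nat enable
    next
end
```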
By default, traffic that matches an IP-based policy will pass through the FortiGate without an authentication prompt. To force authentication, change the following setting, which can only be configured through the CLI:
# config user setting
    set auth-on-demand always
end
After running this command, traffic will use the authentication policy and each user will receive an authentication prompt.
The 'always' option always triggers firewall authentication on demand. The 'implicitly' option (the default) triggers firewall authentication on demand implicitly.
If configured correctly, network users trying to connect to the Wi-Fi or LAN will be prompted for authentication.
|