FortiGate
dbhavsar
Staff
Article Id 335983
Description

 

This article describes how to control traffic with FSSO user-based policies.

 

Scope

 

FortiGate.

 

Solution

 

  1. First, FSSO must be configured on the FortiGate. See Technical Tip: Configure FSSO in DC Agent mode for the steps.

  2. Next, create two separate web filters as required. In this example, one allows Twitter for the user AccessTwitter and the other blocks Twitter for the user BlockTwitter.
        
    web-filters.jpg         
  3. Once done, apply the web filters to the policies as shown below, and make sure to use the fsso-groups in each policy:
                   
    fsso-policies.jpg                                   
  4. Below, logging in as the AccessTwitter user shows that the Twitter website can be accessed:
                      
    access-twitter.jpg                                      
    access-twitter-login.png                                                
  5. Below, logging in as the BlockTwitter user shows that the web page cannot be accessed, although the destination URL can still be pinged:
                             
    block-twitter-login.png                                  block-twitter.jpg
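
The CLI form of steps 2 and 3 for the BlockTwitter side, as an added example that is not the article's own configuration. The interface names, the FSSO group DN, the object names and the choice of a static URL filter entry are assumptions.

```fortios
# Added example. port1/port2, the group DN and all object names are assumed placeholders.
# 1) Static URL filter table holding the block entry.
config webfilter urlfilter
    edit 1
        set name "twitter-block-list"
        config entries
            edit 1
                set url "*twitter.com"
                set type wildcard
                set action block
            next
        end
    next
end
# 2) Web filter profile that references the table above.
config webfilter profile
    edit "wf-block-twitter"
        config web
            set urlfilter-table 1
        end
    next
end
# 3) Policy matched only by members of the FSSO group. The AccessTwitter policy
#    is the same with its own group and a web filter profile without the block entry.
#    The web filter inspects HTTP/HTTPS only, so with service ALL a ping to the
#    same destination still passes, as seen in step 5.
config firewall policy
    edit 0
        set name "fsso-block-twitter"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set fsso-groups "CN=BLOCKTWITTER-GRP,OU=EXAMPLE,DC=EXAMPLE,DC=LOCAL"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "wf-block-twitter"
    next
end
```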