Description
This article explains how to configure an identity-based firewall policy for specific LDAP users without prompting those users for credentials if they have already logged in to the LDAP (domain) server.

Scope
FortiOS version 6.4.8. FSSO Agent 5.0.0304.

Solution
To implement this, an FSSO setup is necessary. Once users log in to the domain from their machines, the FSSO Collector Agent picks up the logon information and relays it to the FortiGate.
Once the FortiGate receives the user information, it does not prompt for credentials again. Usually the matching is done by 'User Group' information on the LDAP server.
To apply this only to certain LDAP users, however, FSSO is configured slightly differently:
1) LDAP server integrated with FortiGate.
2) FSSO setting 'User Group Source' set to 'Local'.
It is necessary to adjust the LDAP filter to select the wanted users, then assign those users directly in the firewall policies.
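As an added illustration that is not part of the original article, the following FortiOS CLI configuration sketches the pieces described above: the LDAP server object, the FSSO connector pointed at that LDAP server for local lookup (the CLI counterpart of 'User Group Source: Local'), an fsso-service group holding only the chosen users, and a policy that references that group. All names, addresses, passwords and DNs are placeholders, and listing user DNs directly as fsso-service group members is an assumption to verify against the FortiOS 6.4 CLI reference before use.

```fortios
# Placeholder LDAP server object; the bind account should be read-only.
config user ldap
    edit "LDAP-AD"
        set server "192.0.2.10"
        set cnid "sAMAccountName"
        set dn "DC=example,DC=local"
        set type regular
        set username "CN=svc-fgt,CN=Users,DC=example,DC=local"
        set password "<service-account-password>"
        set secure ldaps
        set port 636
        set group-search-base "OU=Groups,DC=example,DC=local"
    next
end

# FSSO connector to the Collector Agent. Pointing it at the LDAP
# server above makes the FortiGate resolve users/groups itself
# (the 'Local' source) instead of taking the agent's group list.
config user fsso
    edit "FSSO-Collector"
        set server "192.0.2.20"
        set password "<collector-agent-password>"
        set ldap-server "LDAP-AD"
    next
end

# FSSO-service group containing only the selected users (placeholder
# DNs; assumption: user DNs are accepted here as members).
config user group
    edit "FSSO-Allowed-Users"
        set group-type fsso-service
        set member "CN=alice,CN=Users,DC=example,DC=local" "CN=bob,CN=Users,DC=example,DC=local"
    next
end

# Identity-based policy: only logon sessions matching the group above
# are allowed, and no captive-portal prompt is shown for them.
config firewall policy
    edit 0
        set name "FSSO-Selected-Users-Out"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "FSSO-Allowed-Users"
        set nat enable
    next
end
```

After applying, 'diagnose debug authd fsso list' on the FortiGate shows which logon sessions the Collector Agent has relayed and which group they matched.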
Copyright 2024 Fortinet, Inc. All Rights Reserved.