FortiGate
jclar
Staff
Article Id 391944
Description This article describes how to configure Terminal Server access for users.
Scope FortiGate.
Solution

Download the TS-Agent and FSSO-Agent from the download section of the support portal.

 

After both agents have been installed and confirmed as connected, the firewall policy can be configured.

In the screenshot below, the Firewall User Monitor shows two users from separate groups: 1. jclar – MANILA, 2. avaldez – KL.

 

UserMonitor.png

 

To view users in CLI, type the following command:

 

diagnose firewall auth list

 

Note: The Firewall User Monitor shows successful logins to the Terminal Server under different AD accounts.

 

A separate firewall policy has been created for each user. Note that a DNS firewall policy was also created below the firewall policies dedicated to each user. This allows traffic that requires a DNS query, such as HTTPS or HTTP traffic.

If this DNS firewall policy is not configured, some packets will be dropped, falling through to Implicit Deny (or to a 'catch-all' policy, if the user has configured one).

 

DNSFirewallPolicy.png
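
A CLI sketch of the policy layout described above, added here as an example and not taken from the article's own configuration. The interface names (port2, port1), the policy IDs and names, the HTTP/HTTPS service selection, and firewall user groups named MANILA and KL (matching the groups shown in the User Monitor) are assumptions.

```fortios
# Added example, not the article's configuration.
# Assumed values: port2 = inside interface, port1 = outside interface,
# policy IDs 1-3, policy names, services, user groups MANILA and KL.
config firewall policy
    edit 1
        set name "TS-MANILA"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set groups "MANILA"
    next
    edit 2
        set name "TS-KL"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set groups "KL"
    next
    edit 3
        set name "TS-DNS"
        set comments "No user group: allows the DNS queries that HTTP/HTTPS traffic needs"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "DNS"
    next
end
```

Restricting the third policy to the DNS service, rather than ALL, keeps it from becoming a path for other traffic that is not matched to a user group.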

 

The session lists below show that each user is tagged and is passing through the correct firewall policy.


jclar_SessionList.png

 

avaldez_SessionList.png