FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article explains why Samba shared folder access might not be reachable when access from Terminal Server with Terminal Server Agent (TS Agent) through identity based policies.
Solution SMB application does not use the user port-range assigned by TS Agent. SMB uses system port range, therefore the port-range mismatch causes authentication failure when validating against firewall policies with FSSO on FortiGate unit.
Reason for this is that SMB traffic is initiated by system process. Any traffic initiated by system process follows the system port range so it cannot be associated with a user. TS Agent can only intercept traffic initiated by a user process.
Create separate firewall policy without authentication for
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.