fquerzo_FTNT
Staff
Description
This article explains why a Samba (SMB) shared folder might not be reachable when accessed from a Terminal Server with Terminal Server Agent (TS Agent) through identity-based policies.

Solution
The SMB application does not use the user port range assigned by TS Agent. SMB uses the system port range, so the port-range mismatch causes an authentication failure when the traffic is validated against firewall policies with FSSO on the FortiGate unit.

The reason is that SMB traffic is initiated by a system process. Any traffic initiated by a system process follows the system port range, so it cannot be associated with a user. TS Agent can only intercept traffic initiated by a user process.

Create a separate firewall policy without authentication for SMB traffic.
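One way to define such a policy from the FortiOS CLI, added here as an example and not taken from the original article. The interface names, address object names, policy name and IP addresses are placeholders; the policy is scoped to the terminal server, one file server and the SMB service only, so the unauthenticated exception stays as narrow as possible.

```fortios
# Placeholder address objects (assumed values): the terminal server
# running TS Agent and the file server hosting the share.
config firewall address
    edit "TS-Server"
        set subnet 192.0.2.10 255.255.255.255
    next
    edit "File-Server"
        set subnet 198.51.100.20 255.255.255.255
    next
end

# Policy with no user or FSSO group set, so SMB traffic sent from the
# system port range is not subject to user identification.
# "port2" and "port3" are assumed interface names.
config firewall policy
    edit 0
        set name "TS-SMB-no-auth"
        set srcintf "port2"
        set dstintf "port3"
        set srcaddr "TS-Server"
        set dstaddr "File-Server"
        set action accept
        set schedule "always"
        # Predefined SMB service (TCP/445) only, not "ALL".
        set service "SMB"
        # Log every session, since this traffic carries no user identity.
        set logtraffic all
    next
end
```

Placing this policy above the identity-based policy ensures it is evaluated first. Because sessions matching it are not tied to a user, access control for the share itself has to be enforced by the file server's own permissions.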


Comments
JNDias
Staff

An example of the issue: 2022-07-05_16-55.jpeg
