Description | This article describes how to configure SWG Policy with SSO authentication |
Scope | FortiSASE. |
Solution |
When configuring an SWG policy with SSO authentication, it is essential to use a Security Profile Group that includes Deep Inspection. If Deep Inspection is not enabled, the following behavior can occur: go under Configuration -> SWG Policy.
Go under Configuration -> Security- > Profile Group drop-down.
The implicit denial will be hit. Go under Analytics -> Logs -> Traffic (Filter using the IP address of the SWG client to check the traffic).
When a Security Profile with Deep Inspection is applied to the SWG policy, the correct policy will successfully match. However, ensure that the FortiGate certificate is installed on the user's machine for proper functionality. Go under Configuration -> SWG Policy.
Notes: The default security profile deep inspection includes exemptions:
All of the exemptions need to be removed, or they will hit the implicit deny policy as well: 'Access Denied' 'The page you requested has been blocked by a firewall policy restriction.'
Go under Configuration -> Security -> Profile Group drop-down.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.