Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Aghiles
New Contributor

Explicite proxy and FSSO Auth

Hi,

 

I configured Fortigate (Fortios 6.2) as an explicite proxy with FSSO authentication, everything work well for the domain devices,  but some employees still use laptops, that are not part of the Domain, and for this type of the devices the FSSO Auth dont work.

 

Is there a way to set up a secondary Auth as a backup for the first FSSO Authentication, by using authentication rules ?

 

 

Best regards

1 REPLY 1
xsilver_FTNT
Staff
Staff

that's exactly what authentication rules/schemes/settings are meant for.

How about something like fallback to NTLM (or better to Kerberos but ATM I have none set)?

config authentication scheme edit "NTLM" set method ntlm set fsso-agent-for-ntlm "CollectorAgent" next edit "FSSO" set method fsso next end

 

config authentication setting set active-auth-scheme "NTLM" set sso-auth-scheme "FSSO" end

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Labels
Top Kudoed Authors