Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

AD Users not get identify with Explicit Web Proxy Policy Authentication

Hi Forti Fellows,


I deployed the FGT-60E over 6.0 and 6.0.2 for the explicit web proxy authentication. The issue is that after all configuration of explicit web proxy by following the process of making " authentication scheme (basic + NTLM method), authentication rule, authentication setting " and set up the proxy on the 8080, it's working when we run simple proxy policy without adding the AD-Group in the source. 


But whenever I add the SSO-Based AD-group in the source the connection is denied and traffic is blocked by the implicit rule and it gives the error " your connection is not secure + access denied ".  


In the logs, the group field is showing "N/A" against the AD-user and as the user not got identify from the group so it's blocked the traffic. 


Here are the configurations and setup.


Configure Authentication Scheme


FGT60ETK18025803 # config authentication scheme FGT60ETK18025803 (scheme) # edit ibs_auth_scheme FGT60ETK18025803 (ibs_auth_scheme) # set method basic FGT60ETK18025803 (ibs_auth_scheme) # set user-database IBS_AD FGT60ETK18025803 (ibs_auth_scheme) # end


Configure Authentication Rule


FGT60ETK18025803 # config authentication rule FGT60ETK18025803 (rule) # edit ibs_auth_rule FGT60ETK18025803 (ibs_auth_rule) # set status enable FGT60ETK18025803 (ibs_auth_rule) # set protocol http FGT60ETK18025803 (ibs_auth_rule) # set srcaddr ibs_lan FGT60ETK18025803 (ibs_auth_rule) # set ip-based disable FGT60ETK18025803 (ibs_auth_rule) # set active-auth-method ibs_auth_scheme FGT60ETK18025803 (ibs_auth_rule) # set web-auth-cookie enable FGT60ETK18025803 (ibs_auth_rule) # end


Configure Authentication Settings


FGT60ETK18025803 # config authentication setting FGT60ETK18025803 (setting) # set active-auth-scheme ibs_auth_scheme FGT60ETK18025803 (setting) # set captive-portal-port 8080 FGT60ETK18025803 (setting) # end



Thanks in advance.





Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors