Hi there,
for example i have this (after upgrading 5.4 to 5.6)
edit "auth-rule4pol7"
set srcaddr "Inside-Network-Clients" "Inside-Network-Server" "VPNs"
set ip-based disable
set active-auth-method "auth-sch4pol7"
next
edit "auth-rule4pol3"
set srcaddr "Inside-Network-Clients" "Inside-Network-Server" "VPNs"
set ip-based disable
set active-auth-method "auth-sch4pol3"
So basically both has the same criteria...so both may fit. Now i have watched at my previous explicit Proxy rules, there is not mentioned which authentication rule will be used. So how do i prioritise the authentication rule over another one? Or how do i say this Proxy policy should use this rule like it was in 5.4?
Hope someone can help
Solved! Go to Solution.
Hi Wurstsalat, rules are evaluated top-down. So first will match it all. Second is just the leftover from upgrade process.
EDIT: You are basically selecting which authentication to use based on source IP address in the rule. Once rule is matched, authentication scheme specified in it will be used.
Fishbone)(
smithproxy hacker - www.smithproxy.org
nope, you are talking about forms based authentication...if you use ntlm/kerberos authentication there is no need for the user to enter any credentials after domain logon at the Computer, this works with the most Browsers such as firefox (configuration required), Chrome based, Internet Explorer and Edge. This works for explicit Proxy as follows
- Client sends unauthenticated request
- Explicit Proxy replies with http 407
- Client sends automaticaly authentication information
- Depending on the Proxy rules, Client gets access
Anyway this was never the question ;)
Hi Guys,
is there a way to build a rule with no authentication?
I have build up explicit Proxy in 5.6.7 with FSSO authentication. Anyway there are some systems which are not member of our domain which needs to access to the internet.
For some reasons I do not have the possibility to set up a authentication scheme/rule for no authentication.
Can someone help me?
Best regards
Mario
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.