Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
chpa
New Contributor

Authentication page

Hi all,

 

I'm actually migrate my firewall from an Cisco ASA to a Fortigate-200D but I'm stuck on a problem.

I have a web server on my local network and I want an authentication page before my website is displayed.

Have someone already configure this ?

 

Thanks!

9 REPLIES 9
Markus
Valued Contributor

Hi,

 

Just add a source User or Group to the policy. The User or Group can be local or remote (ldap/radius) authenticated.

 

Regards


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
Hosemacht
Contributor II

Hey there,

 

just add a user or usergroup to the source adress field of the policy.

 

Regards.

 

Edit: double post marcus was 9 minutes faster :)

sudo apt-get-rekt

sudo apt-get-rekt
chpa
New Contributor

Unfortunately is not working. I miss propably something. Attached you can find a screenshot of the policy rule.

Hosemacht

hey there,

 

ok did you make an deny rule for implicit traffic?

please have a look at the cookbook:

 

http://cookbook.fortinet.com/user-and-device-authentication-54/

 

Regards

sudo apt-get-rekt

sudo apt-get-rekt
Markus
Valued Contributor

Hi, Try to add <set auth-redirect-addr> <destination url> to the policy. Not sure about https, at minimum I think you need SSL Inspection. In my case, we have a internal Wiki that we secured from the WAN with captive portal. This site is https only and if I remember correct, this was only working after adding a https virtual server (loadbalancing, not NAT).

 

BTW.: The policy seems ok, what is the error/not working?


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
chpa
New Contributor

Policy rule is not matching.

I added a deny policy rule above and traffic is blocking. If I move this "deny" policy after my "permit" policy I don't see packets matched for this policy.

I will try to add <set auth-redirect-addr> <destination url> to the policy and keep you informed.

 

Thanks again

 

 

chpa
New Contributor

I tried to add <set auth-redirect-addr> <destination url> to the policy but users dont receive the authentication portal.

From a capture packets my policy rule does not match with traffic request. Do you have any suggestion ?

 

Thanks again for your help

Toshi_Esumi

How are you routing toward the web server? Is the "skynet-3" a public IP address the url resolves to? Do you have a route to it? First I would sniff it to make sure it's hitting the wan1 interface. Then if hitting, run a flow debug you can find at KB and Online Help.

chpa

I can access on this server from outside and by a URL.

I checked with sniffing packets and I see that if my source IP address are fulfilled with "all" and "user" this rule does not match with traffic request.

I will try to run a flow debug and inform you.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors