Hi all,
I'm actually migrating my firewall from a Cisco ASA to a Fortigate-200D but I'm stuck on a problem.
I have a web server on my local network and I want an authentication page before my website is displayed.
Has someone already configured this?
Thanks!
Hi,
Just add a source User or Group to the policy. The User or Group can be local or remote (ldap/radius) authenticated.
Regards
________________________________________________________
--- NSE 4 ---
________________________________________________________
Hey there,
Just add a user or usergroup to the source address field of the policy.
Regards.
Edit: double post, Marcus was 9 minutes faster :)
sudo apt-get-rekt
Hey there,
OK, did you make a deny rule for implicit traffic?
Please have a look at the cookbook:
http://cookbook.fortinet.com/user-and-device-authentication-54/
Regards
sudo apt-get-rekt
Hi, try to add <set auth-redirect-addr> <destination url> to the policy. Not sure about https, at minimum I think you need SSL Inspection. In my case, we have an internal Wiki that we secured from the WAN with captive portal. This site is https only and if I remember correctly, this was only working after adding a https virtual server (loadbalancing, not NAT).
BTW.: The policy seems ok, what is the error/not working?
________________________________________________________
--- NSE 4 ---
________________________________________________________
Policy rule is not matching.
I added a deny policy rule above and traffic is blocked. If I move this "deny" policy after my "permit" policy I don't see packets matched for this policy.
I will try to add <set auth-redirect-addr> <destination url> to the policy and keep you informed.
Thanks again
I tried to add <set auth-redirect-addr> <destination url> to the policy but users don't receive the authentication portal.
From a packet capture, my policy rule does not match the traffic request. Do you have any suggestions?
Thanks again for your help
How are you routing toward the web server? Is the "skynet-3" a public IP address the URL resolves to? Do you have a route to it? First I would sniff it to make sure it's hitting the wan1 interface. Then, if it is hitting, run a flow debug, which you can find in the KB and Online Help.
I can access this server from outside and by a URL.
I checked by sniffing packets and I see that if my source IP address is filled in with "all" and "user", this rule does not match the traffic request.
I will try to run a flow debug and inform you.