Authentication "session based" instead of "IP based"
Hello there
I have F60C v4.0,build5849,110804 (MR2)
I have a Terminal Server with 30 users working on it.
My need is to create different rules based on group membership, so that if a user is a member of Group1, he/she can't see "Controversial" sites, and if a user is a member of Group2, he/she can see everything.
I already configured Directory Services and User Groups and I can successfully create a rule with "Identity based".
The problem is that once the first user is authenticated, the entire IP address of terminal server gets authorized based on the user... so other users will acquire the rule of the first logged on user.
How do I fix this?
TIA
2 REPLIES
Hi,
Two options:
1. You have to enable "1 IP" for each user on the TS. I don't remember the name of that function, but it is available for both TS and Citrix.
2. Wait for FortiOS 5.0, it will have SSO agent for TS
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Hi TechBC
You can do this right now; you don't need to wait for FortiOS 5.0.
Refer to this post:
Identity based policies and Terminal Server (NTLM Authentication)
http://support.fortinet.com/forum/tm.asp?m=74066&appid=&p=&mpage=1&key=&language=single&tmode=&smode=&s=#74341
Where I was having some issues and the results of my testing.
I've got this running successfully with a FortiGate 60C and two Citrix servers at one site and a FortiGate 80C and one Citrix server at another site. Both are running FortiOS Version 4.0 MR2 <Patch Something>....
From memory there were a few hoops to jump through, and users need to use the explicit proxy.
Have a read of the above thread and if you're still stuck, post back and I'll try to answer you as best I can.
Best of luck.
Trevor
