Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TechBC
New Contributor

Created on ‎03-09-2012 02:17 AM

Authentication " session based" instead of " ip based"

Hello there I have F60C v4.0,build5849,110804 (MR2) I have a Terminal Server with 30 users working on it. My need is to create different rules based on group membership, so that if a user is member of Group1 can' t see " Controversial" sites, and if a user is member of Group2, he/she can see everything. I already configured Directory Services and User Groups and I can successfully create a rule with " Identity based" . The problem is that once the first user is authenticated, the entire IP address of terminal server gets authorized based on the user... so other users will acquire the rule of the first logged on user. How do I fix this? TIA
5277
0 Kudos
2 REPLIES 2
Carl_Wallmark
Valued Contributor

Created on ‎03-13-2012 01:02 PM

Hi, Two options: 1. You have to enable " 1 IP" for each user on the TS, I dont remember the name of that function, but it is available for both TS and Citrix. 2. Wait for FortiOS 5.0, it will have SSO agent for TS

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
2210
0 Kudos
TrevorCampbell
New Contributor

Created on ‎03-13-2012 08:47 PM

Hi TechBC You can do this right now you don' t need to wait for FortiOS 5.0. Refer to this post: Identity based policies and Terminal Server (NTLM Authentication) http://support.fortinet.com/forum/tm.asp?m=74066&appid=&p=&mpage=1&key=&language=single&tmode=&smode=&s=#74341 Where I was having some issues and the results of my testing. I' ve got this running successfully with a FortiGate 60C and two Citrix servers at one site and a FortiGate 80C and one Citrix server at another site. Both are running FortiOS Version 4.0 MR2 <Patch Something>.... From memory there were a few hoops to jump through, and users need to use the explicit proxy. Have a read of the above thread and if you still stuck post back and I' ll try to answer you as best I can. Best of luck.
Trevor
Trevor
2210
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.