Hi all.
I got a 90D device. I want to block some User in my domain access to internet.
I try to set up but it doesn't work. Anyone help.
When i set up WEB FILTER, it effect to all network, all user. But i just want it effect to some user/PC/IP only. Is it possible?
I read someone talk about SINGLE SIGN ON function.
I already set up SINGLE SIGN ON in my AD and already connected.
But when i create policy, it doesn't work. I don't know what wrong, did i wrong in setting up.
Explain for image
policy 1: All user can access to All resource
policy 2: User in group " FSSO BLOCK GROUP" can NOT access to All resource.
( i tried move policy 2 up but nothing change)
Please contact me through this forum or by email nam.lt@outlook.com
Thank you so much
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
Don't know if anyone has contacted you privately, but it looks like you have your Policy order backwards. Try placing the Deny policy above the Allow policy. When a packet hits the FG, it will be processed via the first policy that applies to it. Since the Allow is for "all" it is processed there and never hits the second one.
We have the google FQDN's opened per their suggestion ( https://support.google.com/a/answer/2589954?hl=en ) and ( https://support.google.com/drive/answer/6163291 ) the kids have discovered a number of gaming sites on google homepages, all seem to be named "my games
" i.e. http://mygameus.blogspot.com http://mygameus.blogspot.com/2016/03/Barney.html [link=http://mygameus.blogspot.com/2016/03/Jet-Pack-Monkey.html] http://mygameus.blogspot....3/Jet-Pack-Monkey.html[/link] The problem is that blocking google by address doesn't seem to work as every request seems to use a different one, and I don't know why but I don't seem to be able to block by name. I put in a simple IPV4 policy, source = any, Destination = "http://mygameus.blogspot.com/2016/03/Crosstown-Craze.html", block and it doesn't work. because it is a block there is no SSL inspection or anything like that.... When I look at the log there is nothing that says "http://mygameus.blogspot.com/2016/03/Crosstown-Craze.html" just "encrypted-tbn1.gstatic.com" but I don't want to block all of google, just the few sites. Can anyone help?
You could use Application Control to block the whole category instead of just one URL. Create an AC sensor, enable category "Gaming" and apply that to the policy 'internal' -> 'wan'. Works quite well IME.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.