First of all, hello everyone.
I'm a previous WatchGuard user and I need to create some rules that already work in my organization. But what I do doesn't work on the FortiGate device the way I know.
I need to have 3 user groups, and every group has its own distinct rules for using the internet.
The first group, the directive type, has access to all categories in the web filter.
The second group, the medical and nurse users, has access to all categories except streaming services (Netflix, YouTube), social networks, etc.
And the third group has access only to search engines, .gov domains, .org domains, webmail, and domains like that.
I need to force a user to log in at the device, and he will be allowed in one of the first two rules, or in the third if he doesn't have a valid login.
The problem is that I cannot do that like on the WatchGuard device, where I only have to put the least permissive rules on top and the most permissive below. That way, if the user wants to get access to outlook.com he doesn't need to log in. But if he wants to get access to Facebook he needs a user of the first group. If he has a user of the second group, access to Facebook is just rejected, but he will be allowed to navigate the rest of the internet.
I hope somebody understands and can figure out what I need to do and could help me.
Have a nice day.
Hi Julio,
I am not familiar with Watchguard, but conceptually this should be very simple to do in the FortiGate.
Basically you need 3 rules from lan to wan, with the destinations any, and the source will be any (or your LAN IPs) plus the user group for that rule. It won't really matter the order you put them in because only the combination of IP *and* user group should result in a match.
Lastly, you'll need to set up 3 different web filter profiles to accomplish the various limitations you've described, and attach them to the appropriate outgoing rule.
I hope this helps. - Daniel
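
A sketch of the three-policy layout described in the reply above, written as FortiOS CLI. This is an added example, not part of the original reply; the policy IDs, the interface names `lan` and `wan`, the group names (`grp-directors`, `grp-medical`, `grp-restricted`) and the web filter profile names (`wf-directors`, `wf-medical`, `wf-restricted`) are assumptions, and the groups and profiles must already exist on the device.

```fortios
# Added example: all object names and policy IDs below are assumed, not from the thread.
config firewall policy
    # Group 1: directive users, web filter profile that allows all categories
    edit 1
        set srcintf "lan"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "grp-directors"
        set utm-status enable
        set webfilter-profile "wf-directors"
    next
    # Group 2: medical and nurse users, profile blocks streaming and social networks
    edit 2
        set srcintf "lan"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "grp-medical"
        set utm-status enable
        set webfilter-profile "wf-medical"
    next
    # Group 3: restricted users, profile allows only search engines, webmail and similar
    edit 3
        set srcintf "lan"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "grp-restricted"
        set utm-status enable
        set webfilter-profile "wf-restricted"
    next
end
```

Each policy matches only when both the source address and the authenticated user's group match, so the category restrictions live entirely in the three web filter profiles attached to the policies.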
Copyright 2024 Fortinet, Inc. All Rights Reserved.