
Explicit Proxy with authentication

Explicit Proxy with authentication FOS 5.2.8


Hello everyone,


I'm working on Explicit Web Proxy with transparent authentication for multiple AD user groups.


I've configured Explicit Proxy with authentication and both NTLM and FSSO (agent) are working fine but only for the first group in the explicit policy rule set.


example: Explicit Proxy policies

1. |FROM: port1| |SOURCE: all| -> |TO: port2| |DESTINATION: all| |ACTION: authenticate| -> |GROUP: 1| |NTLM+FSSO|
2. |FROM: port1| |SOURCE: all| -> |TO: port2| |DESTINATION: all| |ACTION: authenticate| -> |GROUP: 2| |NTLM+FSSO|
3. |FROM: port1| |SOURCE: all| -> |TO: port2| |DESTINATION: all| |ACTION: authenticate| -> |GROUP: 3| |NTLM+FSSO|


Users in the group in policy '1' pass through the FW fine.

I can see them under monitor (User&Device > Monitor > Firewall) with correct IP, group assigned and Auth Method set to Explicit Proxy; FSSO / Explicit Proxy; NTLM.


However users from groups listed below ('2' or '3') are unable to pass the FW - browser prompts for authentication (which doesn't work) and monitor lists these users with no group assigned and Auth Method set to: 'Explicit Proxy; Firewall' - no FSSO.


The same happens if I move policies around - policy sitting on the top always works, other ones - sitting below - don't work.


Any suggestions or ideas will be highly appreciated!!! :)


Many thanks, A

New Contributor

Forgot to mention that I resolved the query by using multiple groups under 1 policy:


1. |FROM: port1| |SOURCE: all| -> |TO: port2| |DESTINATION: all| |ACTION: authenticate|





