Explicit Proxy with authentication FOS 5.2.8
Hello everyone,
I'm working on Explicit Web Proxy with transparent authentication for multiple AD user groups.
I've configured Explicit Proxy with authentication and both NTLM and FSSO (agent) are working fine but only for the first group in the explicit policy rule set.
example: Explicit Proxy policies
1. |FROM: port1| |SOURCE: all| -> |TO: port2| |DESTINATION: all| |ACTION: authenticate| -> |GROUP: 1| |NTLM+FSSO|
2. |FROM: port1| |SOURCE: all| -> |TO: port2| |DESTINATION: all| |ACTION: authenticate| -> |GROUP: 2| |NTLM+FSSO|
3. |FROM: port1| |SOURCE: all| -> |TO: port2| |DESTINATION: all| |ACTION: authenticate| -> |GROUP: 3| |NTLM+FSSO|
Users in the group in policy '1' pass through the FW fine.
I can see them under monitor (User&Device > Monitor > Firewall) with correct IP, group assigned and Auth Method set to Explicit Proxy; FSSO / Explicit Proxy; NTLM.
However, users from groups listed below ('2' or '3') are unable to pass the FW - the browser prompts for authentication (which doesn't work) and the monitor lists these users with no group assigned and Auth Method set to: 'Explicit Proxy; Firewall' - no FSSO.
The same happens if I move policies around - policy sitting on the top always works, other ones - sitting below - don't work.
Any suggestions or ideas will be highly appreciated!!! :)
Many thanks, A
Forgot to mention that I resolved the query by using multiple groups under 1 policy:
1. |FROM: port1| |SOURCE: all| -> |TO: port2| |DESTINATION: all| |ACTION: authenticate|
|GROUP: 1| |NTLM+FSSO| |GROUP: 2| |NTLM+FSSO| |GROUP: 3| |NTLM+FSSO|
Thanks,
a