Hi All,
I am in need of some assistance. I am looking to enable "Full VPN Tunnel" for VPN users and control what they access based on security groups from AD. I have got the VPN working with Azure SAML authentication.
However, the users are not able to access out via their designated security groups, and from my understanding this is because the users that are authenticated are not getting the username/IP mapped or sent to the AD/FSSO.
Can anyone assist on how I can make my VPN work with Azure SAML at the same time as using the Security Groups from AD? I do have the FSSO agent installed on the AD server. Appreciate any help that can be given/guidance.
Hello @kanes39,
FSSO is effective for Windows Logon Events. However, for VPN Logon Events, our attention should be directed to logon events on the authentication server utilized for VPN Users, in your case Azure SAML Authentication.
To set this up with Azure SAML, you can follow the configuration steps outlined in this KB: [link](https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-group-based-policies-for-Microso...).
That setup would allow you to configure SSL VPN Portals per User Group, so you can control access based on their group on Azure.
I hope that helps.
Regards,
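
A sketch of the group-based setup described in the reply above, added here as an illustration and not taken from the linked KB or from the poster. Object names, the `wan1` interface and the claim names `username`/`group` are assumptions, the Azure group Object ID is a placeholder, and the IdP URLs and certificate on the SAML object are omitted.

```text
# FortiOS CLI, constructed example: all names and IDs are placeholders
config user saml
    edit "azure-saml"
        # attribute names must match the claims the Azure app sends
        set user-name "username"
        set group-name "group"
    next
end
config user group
    edit "vpn-gmail"
        set member "azure-saml"
        config match
            edit 1
                set server-name "azure-saml"
                # Azure sends group Object IDs by default, not display names
                set group-name "<AZURE_GROUP_OBJECT_ID>"
            next
        end
    next
end
config vpn ssl web portal
    edit "full-tunnel"
        set tunnel-mode enable
        # full tunnel: all client traffic goes through the FortiGate
        set split-tunneling disable
    next
end
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "vpn-gmail"
            set portal "full-tunnel"
        next
    end
end
config firewall policy
    edit 0
        set name "vpn-gmail-out"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        # matches only users whose SAML assertion carried the group above
        set groups "vpn-gmail"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

The firewall policy is where each group's access is narrowed: one user group and one policy per Azure group, with the destination or security profiles restricted to what that group may reach.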
Thank you @mauromarme.
I have multiple groups in the AD, for instance like the below, and they will have to go out via the corporate Internet for that. In that event, how can I do it?
Apart from that, I did observe some documentation that we can send the logging from the FortiGate Firewall to the FSSO agent for updates. Will that work?
- Group that is allowed to access GMAIL
- Group that is allowed to access Social Media
- Group to access Hotmail.
Thanks In Advance.