Hello Dears
I am trying to block some users from accessing the internet using an FSSO policy, but it does not seem to be working. Could anyone advise on that?
Bests
I see in your captured image that policy 159 has action accept, so why?
I tried block/deny but got the same issue.
Do you have any deny policy as well for those users? Firewall policies work from top to bottom. It might be that the allow policy is above the deny policy.
Moreover, check the FortiGate logs for more details.
regards,
Sheikh
No, this is the only policy and it's the first policy in the area.
You should check that the user you want to block was authenticated as a member of the FSSO-Users group.
An FSSO user must be automatically authenticated on the firewall when the user logs on to a client PC on the domain network, without entering the user name and password again in the FortiGate authentication portal.
I think that it's authenticated with the firewall user method, not FSSO, in this case; please recheck.
Hello dear, and thanks for the reply.
As I understand it, you meant I need to enable web auth on the firewall and then go ahead with that?
Regards
Created on 10-23-2022 11:06 PM Edited on 10-23-2022 11:07 PM
No man, you said that you implemented FSSO, so you have to check that the user you are testing that policy with is authenticated in the right group. You can see in "firewall user monitor" in the GUI whether that user is displayed and belongs to the Fsso-users group.
Anyway, did you implement FSSO using Active Directory polling, or an FSSO agent installed on server computers to sync the authentication to the firewall?
Hello Dear
I implemented it using the polling one, and in the user monitor I did not see any user logged in on it.
Created on 10-23-2022 11:23 PM Edited on 10-23-2022 11:31 PM
OK, please confirm that you chose "show all fsso logon" in that GUI.
If your user is not displayed, it means you have something wrong in the Active Directory polling settings.
I suggest you read the guide again.
If your config is OK, when you log on to a Windows domain computer, the user information must be collected by the FortiGate automatically and displayed in the monitor section.