Good afternoon, I have a FortiGate 800D firewall with FortiOS 5.6.3 and I'm having a problem, which I describe below:
The firewall is giving internet access to machines that receive the IP that a user with permission used. Even though the machine logs in with a local account, it gets to the internet because the IP is recognized by the firewall as the IP of a user with internet access. I tried `diagnose debug authd fsso clear-logons` to clear the cache, but the problem persists.
Here is my configuration:
1. I installed the FSSO software on the domain controller to sync the AD user groups.
2. I created user groups in the firewall mapped to the AD user groups.
3. I created an IPv4 policy with the following information:
   Name: Full_Access_Users
   Incoming Interface: Internal (port1)
   Outgoing Interface: sd-wan
   Source: all & DSI (users group)
   Destination: all
   Schedule: always
   Service: ALL
The policy is the second one counting from top to bottom.
The machine that is not in the domain, but has the IP that the firewall recognizes as the IP of a user with internet access, is going to the internet through this policy, and in FortiView that user and IP appear going to the internet.
There is a logon event on the domain controller for the user associated with that IP. Just because the machine is not domain-joined does not mean a user can't log in to the domain from it. Connecting to a share or even an Outlook client could generate a logon event captured by the domain controller. Could this be the case?
HTH
d
Copyright 2024 Fortinet, Inc. All Rights Reserved.