Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
muhammadsaad
Contributor

Created on ‎06-03-2025 05:42 AM

Facing a Challenge in Explicit Web Proxy Deployment

Hi Team,

We are implementing Explicit proxy at the customer end with Fortinet Firewall-601F. The scenario is we have two VDOM's i.e. Proxy and Perimeter. The user traffic will pass from Proxy towards Perimeter to reach the internet.

vdom diagram.png

For user authentication, we are using FSSO. The challenge we are facing is that in FSSO only groups are calling rather than specific user. Our goal is to apply separate policies on the user. In FSSO, we have fetched the AD user locally via LDAP rather than collector agent. The problem is that we have got four active directory and in FSSO only one of them is allowed to add. A user can land on any of the Active Directory for the authentication whereas if any user landed on the active directory that is not part of the FSSO will not be able to authenticate.

 

So kindly help and advise, how can we resolve and overcome the said issue.

 

Moreover, please also let us know in Explicity proxy what is the recommendation either FSSO is more valuable or Kerberos.

Labels:
297
0 Kudos
1 REPLY 1
muhammadsaad
Contributor

Created on ‎06-03-2025 07:40 PM Edited on ‎06-03-2025 07:40 PM

Anybody can provide assistance on this?

262
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.