Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Diabolicus23
New Contributor

Filtering users connected via Remote Desktop

Is it possible to apply web filtering rules to users logged via remote desktop sessions? I mean, I' ve the need to apply different policies to users with different logged in username but with the same IP address. Is there a way to do this? I' ve read something about Explicit Web Proxy Authentication but don' t know it very well. Thanks!
4 REPLIES 4
lofi
New Contributor

If someone is using Remote Desktop, try using a policy for that RD host' s IP. The traffic should be originating from there, not from the RD client, unless you' ve got something like tunnelling going on.
Diabolicus23
New Contributor

Not sure to have understood well, so sorry for my stupid question If user " John" from his pc " A" connects via RDP to server " B" and visit a site from this RDP connection, I will see traffic with source IP the B-Server IP, is that correct? I will lose the trace of the A-computer IP. And if a user " Clare" connect to the server " B" from her personal computer " C" , I will see web traffic newly for the B-Server IP so I cannot discriminate policies with IP-Based filter.
Sylvia

As far as I know there is no other way than using the explicit proxy. If John and Clare logs in with there AD accounts you can use NTLM for the authentication so there is no explicit authentication for the users. Information can be found in the WanOpt Handbook. Regards, Sylvia
pchechani_FTNT

You can try implementing identity based firewall policy.
-p
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors