Hi,
I'm having a big issue with firewall users. The problem is that my client told me he wants to create users and manage them using user groups, so I created 500 users and added them to 23 groups. After creating all the policies it worked fine, but now some of the users can't access the internet using their PCs, and it is not all the users, just a few. There is no MAC binding or any other device control policy in my firewall. The funny thing is that users can't access the internet using their own user name, but using a different user name they can access the internet on the same machine. So I checked all the configuration but I couldn't find any error. After that I plugged a new network card into that PC and configured it with the same IP as the previous network card had, and then it worked fine with their user name and password.
Another thing is that after typing the username and password it authenticates on the firewall, but I can't ping Google; using a different username and password it can.
Can anyone help me with this?
TIA
Hi guys!
So this is the reason for this issue: at that time I had enabled device detection in the firewall. That is the reason for this mess. If you guys want to enable device detection, please make sure your end devices are virus-free, because to my knowledge FortiGate detects devices using TTL. In my scenario my client's PCs are exposed to viruses, and they change the TTL of the machines.
diagnose user device get <MAC-ADDRESS> (you can get device information, device OS, etc.)
diagnose user device clear all (clears all the device inventory)
diagnose user device del <MAC-ADDRESS> (you can delete entries one by one)
Using the above commands you can resolve the issue, but it's not permanent.
I solved this quite some time ago; sorry for the late reply.