Hi all forum gurus
Right now we are moving from our old MS TMG to Fortigate 1000D.
Got a question about Proxy policy
First, I have to say that all users in our organization have proxy settings enabled in their browsers.
How can I force authentication of users from a specified source IP?
I've set up some testing rules (picture attached), but I can't get it to work for the Terminal Servers IP groups. It seems users are not authenticated ...
Hi,
policy like #2 is not gonna get hit as there is any-any-accept .. easier way without authentication.
So first get rid of any-any-accept stuff .. this is firewall and default rule is deny.
All you configure are exceptions for those you would like to explicitly allow through under some conditions.
Then, to apply authentication, the user for example needs to come through a port which spawns a captive portal.
Or the user can be pre-authenticated via FSSO (and for Terminal Servers best equipped with TSAgent), or handle it all on a session basis via Explicit proxy policies ..
Docs.fortinet.com and the Authentication guide have a lot of tips.
Specific scenarios are on Cookbooks site.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
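The point of the reply above, as an added example that is not part of the original thread: a Python check over a constructed policy list that flags every authenticated policy whose sources are also covered by an accept policy with no user group. The policy fields, addresses and group names are assumptions for illustration, and the model follows the reply's statement rather than FortiOS's full matching logic.

```python
import ipaddress

# Constructed sample policies (not taken from the thread's screenshot).
# An empty "groups" list means the policy matches without authentication.
SAMPLE_POLICIES = [
    {"id": 1, "src": ["10.10.20.0/28"], "groups": ["TS-Users"], "action": "accept"},
    {"id": 2, "src": ["10.10.0.0/16"], "groups": ["Domain-Users"], "action": "accept"},
    {"id": 3, "src": ["192.168.50.0/24"], "groups": [], "action": "deny"},
    {"id": 4, "src": ["0.0.0.0/0"], "groups": [], "action": "accept"},  # any-any-accept
]


def _nets(policy):
    """Parse a policy's source CIDRs into ip_network objects."""
    return [ipaddress.ip_network(s) for s in policy["src"]]


def find_auth_bypasses(policies):
    """Return (auth_policy_id, open_policy_id, overlapping_cidr) tuples.

    An authenticated accept policy is reported when an accept policy
    without user groups covers some or all of the same source addresses,
    because those sources can get through without ever authenticating.
    """
    open_accepts = [p for p in policies
                    if p["action"] == "accept" and not p["groups"]]
    findings = []
    for pol in policies:
        if pol["action"] != "accept" or not pol["groups"]:
            continue  # only policies that require a user group are at risk
        for open_pol in open_accepts:
            for a in _nets(pol):
                for b in _nets(open_pol):
                    if a.overlaps(b):
                        # Overlapping CIDRs nest, so the longer prefix
                        # is exactly the shared address range.
                        shared = a if a.prefixlen >= b.prefixlen else b
                        findings.append((pol["id"], open_pol["id"], str(shared)))
    return findings


if __name__ == "__main__":
    for auth_id, open_id, cidr in find_auth_bypasses(SAMPLE_POLICIES):
        print(f"policy {auth_id}: {cidr} also accepted by policy {open_id} "
              f"without authentication")
```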
Hi,
You need to play with these:
(my sample configuration)..
    config authentication scheme
        edit "ntlm"
            set method ntlm
        next
        edit "fsso"
            set method fsso
        next
    end
    config authentication rule
        edit "proxytest"
            # here you can define who will be authenticated... but there are more options..
            set srcaddr "all"
            set active-auth-method "ntlm"
            set sso-auth-method "fsso"
        next
    end
    config authentication setting
        set active-auth-scheme "ntlm"
    end