Is it possible to have an authentication profile which is always active on an Virtual Server except for one specific IP range/Subnet?
We had a rule on a Citrix Netscaler which we want to implement in a similar way on a FortiADC.
All connections to a Virtual machine must authenticate, use an Authentication profile, except for a specific IP range /Subnet they must not authenticate.
We could not find a "simple" solution for this on the FortiADC.
I think you can achieve it this way:
- Publish twice your web server (e.g.: on VS1 & on VS2)
- Enable authentication policy on VS1
- Don't enable auth policy on VS2
- Add policy on your firewall to allow only your specific IP range to access VS2
- Allow all to access VS1
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.