Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BJBee
New Contributor

Created on ‎12-10-2021 02:40 AM Edited on ‎12-10-2021 02:40 AM

FortiADC Authentication policy based on IP range

Hi,

 

Is it possible to have an authentication profile which is always active on an Virtual Server except for one specific IP range/Subnet?

 

We had a rule on a Citrix Netscaler which we want to implement in a similar way on a FortiADC.

All connections to a Virtual machine must authenticate, use an Authentication profile, except for a specific IP range /Subnet they must not authenticate.

 

We could not find a "simple" solution for this on the FortiADC.

Labels:
1122
0 Kudos
1 REPLY 1
AEK
SuperUser
SuperUser

Created on ‎05-19-2022 12:18 PM

I think you can achieve it this way:

- Publish twice your web server (e.g.: on VS1 & on VS2)

- Enable authentication policy on VS1

- Don't enable auth policy on VS2

- Add policy on your firewall to allow only your specific IP range to access VS2

- Allow all to access VS1

AEK
AEK
761
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.