Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FortiADC Authentication policy based on IP range



Is it possible to have an authentication profile which is always active on an Virtual Server except for one specific IP range/Subnet?


We had a rule on a Citrix Netscaler which we want to implement in a similar way on a FortiADC.

All connections to a Virtual machine must authenticate, use an Authentication profile, except for a specific IP range /Subnet they must not authenticate.


We could not find a "simple" solution for this on the FortiADC.

Valued Contributor

I think you can achieve it this way:

- Publish twice your web server (e.g.: on VS1 & on VS2)

- Enable authentication policy on VS1

- Don't enable auth policy on VS2

- Add policy on your firewall to allow only your specific IP range to access VS2

- Allow all to access VS1