Good day
I am trying to setup web filtering for VPN users that use 2-Factor DUO as well but having a issues, I am running firmware 7.2 and using Active Directory groups to choose the correct Firewall policy to apply, the issue is the users are bypassing the correct filter.
The "VPN-Group DUO Radius Servers" is the server group with the DUO servers in to do the 2-factor, the "CN=" is the users group and "SSLVPN_Tunnel_ADDR1" is the DHCP pool assigned to the VPN users computer.
I am quite new to FortiGate and hop someone can help as totally confised.
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Julian
What do you mean by they bypassing the filter?
Which rule do they match?
Created on 01-26-2024 07:04 AM Edited on 01-26-2024 07:05 AM
I am not sure, all I know is for example, when I enable the "VPN - General" firewall rule I don't see the data going up and the user appears to be blocked from lots or sites they should have access to which are allowed. do I have the Firewall Rules setup correctly with the three sources.
Hi Julian
First, please explain what you want to achieve.
Also try follow the steps described in this document.
Try follow it first just to achieve a simple ssl vpn connection, and then you can go to the next step.
Hi @julianhaines,
Can you check the logs to see which policy was matched? From you screenshot, the policy is greyed out which means it is disabled.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1536 | |
1028 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.