julianhaines
New Contributor II

FortiGate VPN Web Filtering

Good day

I am trying to set up web filtering for VPN users that use 2-factor DUO as well but am having issues. I am running firmware 7.2 and using Active Directory groups to choose the correct firewall policy to apply; the issue is the users are bypassing the correct filter.

The "VPN-Group DUO Radius Servers" is the server group with the DUO servers in to do the 2-factor, the "CN=" is the users' group and "SSLVPN_Tunnel_ADDR1" is the DHCP pool assigned to the VPN user's computer.

I am quite new to FortiGate and hope someone can help as I am totally confused.

Thanks

FirewallPolicies.png

AEK
SuperUser

Hi Julian

What do you mean by them bypassing the filter?

Which rule do they match?

AEK
julianhaines
New Contributor II

I am not sure. All I know is, for example, when I enable the "VPN - General" firewall rule I don't see the data going up and the user appears to be blocked from lots of sites they should have access to, which are allowed. Do I have the firewall rules set up correctly with the three sources?

 

Screenshot 2024-01-26 150440.png

AEK

Hi Julian

First, please explain what you want to achieve.

Also try to follow the steps described in this document.

https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/115783/ssl-vpn-with-ldap-use...

Try to follow it first just to achieve a simple SSL VPN connection, and then you can go to the next step.

AEK
hbac

Hi @julianhaines,

 

Can you check the logs to see which policy was matched? From your screenshot, the policy is greyed out, which means it is disabled.

 

Regards, 
