Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
julianhaines
New Contributor

FortiGate VPN Web Filtering

Good day

 

I am trying to setup web filtering for VPN users that use 2-Factor DUO as well but having a issues, I am running firmware 7.2 and using Active Directory groups to choose the correct Firewall policy to apply, the issue is the users are bypassing the correct filter. 

 

The "VPN-Group DUO Radius Servers" is the server group with the DUO servers in to do the 2-factor, the "CN=" is the users group and "SSLVPN_Tunnel_ADDR1" is the DHCP pool assigned to the VPN users computer.

 

I am quite new to FortiGate and hop someone can help as totally confised.

 

Thanks 

 

FirewallPolicies.png

4 REPLIES 4
AEK
Honored Contributor

Hi Julian

What do you mean by they bypassing the filter?

Which rule do they match?

AEK
AEK
julianhaines

I am not sure, all I know is for example, when I enable the "VPN - General" firewall rule I don't see the data going up and the user appears to be blocked from lots or sites they should have access to which are allowed. do I have the Firewall Rules setup correctly with the three sources.

 

Screenshot 2024-01-26 150440.png

AEK
Honored Contributor

Hi Julian

First, please explain what you want to achieve.

Also try follow the steps described in this document.

https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/115783/ssl-vpn-with-ldap-use...

Try follow it first just to achieve a simple ssl vpn connection, and then you can go to the next step.

AEK
AEK
hbac

Hi @julianhaines,

 

Can you check the logs to see which policy was matched? From you screenshot, the policy is greyed out which means it is disabled. 

 

Regards, 

Labels
Top Kudoed Authors