Hello,
We have virtual FortiGate, deployed in Azure. We activated Remote Access VPN (FortiVPN) and integrated it with SAML Azure. Authentication don based Group. And I have question regarding these groups.
For example:
If i Have group_1 which have access to server_1 and server_2, also i have user_A which is member of group_1.
Also I have group_2 which has access to Server_3, and user_B.
And User_A can access to servers which is provided be group_1
And User_B can access to servers which is provided be group_2
But If I then need to provide for User_A access to the Server_3 what do I need to do? Do I need to add this user also to Group_2? or I need to create Group_3, provide for this group accesss to server_1, server_2, server_3 and then add to this group User_A?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
@1mm,
Both group A and B must be mapped under SSL-VPN Settings. You also need firewall policy to allow group B.
Regards,
One Additional question.
How I can select which group must be used for Authentication and which for Accesses?
I would like to do in such way.
If user is member of Group A - User can do Authentication and will have some basic access (for example, dns, AD and so on).
When user will be added to the Group B - User will receive additional accesses.
It will be better for logic and fast troubleshooting. Right now when user is member of Group A and Group B, in fortigate in monitoring I see that he is member of Group A and then when he will do reconnection he will be member of Group B and so on.
How Fortigate choose which group it will check firstly?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1640 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.