Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGuard
- FortiGate Cloud
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiToken
- FortiTester
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Fortigate destination policy with user
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate destination policy with user
Hi.
We are using Cisco ISE with the pxgrid connector to fortimanager and that works fine.
but need to create fortigate policies with a user on both source and destination cause our cisco sda uses /19 subnets and seperated with sgt tags (pxgrid).
But when im trying to install a policy im only able to do source user, on destination there's no user tab.
Is that working as intended? cause then i need to have fortinet to make it work, out local fortinet team said it should work.
thx
Morten
Solved! Go to Solution.
Labels:
- Labels:
-
FortiGate
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Actual user/group objects can only be used as a source-filter.
However, what about using a dynamic address object for your goal?
As far as I know, pxgrid is intergrated via FMG pushing the info to the FGT over the FSSO protocol.
For FSSO you should be able to create a matching address object:
type = dynamic
sub type = FSSO
FSSO group = <select your pxgrid group/tag>
The resulting address object should be selectable as a destination address in a firewall policy.
Have you tried this?
[ corrections always welcome ]
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I don't know such feature on FortiOS.
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Currently, this is not supported. We have a feature request but the feature is not available in any version yet.
Regards,
Shiva
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Actual user/group objects can only be used as a source-filter.
However, what about using a dynamic address object for your goal?
As far as I know, pxgrid is intergrated via FMG pushing the info to the FGT over the FSSO protocol.
For FSSO you should be able to create a matching address object:
type = dynamic
sub type = FSSO
FSSO group = <select your pxgrid group/tag>
The resulting address object should be selectable as a destination address in a firewall policy.
Have you tried this?
[ corrections always welcome ]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi your a lifesaver, works like a charme.
Also better this way, then i dont need a ip subnet on the src and dst, the dynamic adress with the fsso/pxgrid group works.
thx
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I love this solution. Didn't think about before.
AEK
AEK
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Creating a Firewall policy 91 Views
- IPsec VPN configuration by enabling NAT... 119 Views
- Fortigate local user authentication 147 Views
- How can outgoing PING be disabled... 125 Views
- FortiADC Radius/Tacacs Admin Auth 151 Views
Labels
-
FortiGate
7,525 -
FortiClient
1,480 -
5.2
801 -
FortiManager
641 -
5.4
639 -
FortiAnalyzer
488 -
6.0
416 -
FortiAP
391 -
FortiSwitch
388 -
5.6
362 -
FortiClient EMS
319 -
FortiMail
288 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
182 -
FortiNAC
140 -
SSL-VPN
132 -
6.4
128 -
IPsec
128 -
FortiGuard
122 -
FortiGateCloud
98 -
FortiCloud Products
93 -
FortiSIEM
92 -
FortiToken
80 -
Customer Service
73 -
Wireless Controller
69 -
SD-WAN
66 -
4.0MR3
64 -
FortiProxy
54 -
FortiEDR
48 -
FortiADC
48 -
FortiAuthenticator
47 -
Fortivoice
46 -
FortiDNS
43 -
Firewall policy
42 -
FortiSandbox
39 -
FortiExtender
39 -
VLAN
37 -
FortiGate v5.4
36 -
High Availability
34 -
FortiSwitch v6.4
32 -
DNS
28 -
LDAP
28 -
BGP
27 -
FortiConnect
26 -
ZTNA
26 -
FortiGate v5.2
25 -
FortiWAN
24 -
Routing
24 -
FortiConverter
23 -
Interface
23 -
SAML
22 -
Authentication
22 -
Certificate
22 -
FortiSwitch v6.2
20 -
NAT
20 -
VDOM
19 -
FortiLink
19 -
FortiPortal
18 -
RADIUS
16 -
Logging
16 -
FortiMonitor
16 -
Virtual IP
16 -
Web profile
16 -
FortiGate v5.0
15 -
Application control
15 -
SSL SSH inspection
15 -
Fortigate Cloud
14 -
FortiDDoS
14 -
SSO
14 -
Traffic shaping
13 -
FortiManager v5.0
12 -
FortiCASB
12 -
IP address management - IPAM
11 -
FortiRecorder
10 -
SSID
10 -
Static route
10 -
FortiAP profile
10 -
WAN optimization
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiAnalyzer v5.0
9 -
FortiSOAR
9 -
FortiWeb v5.0
9 -
SNMP
9 -
RMA Information and Announcements
9 -
OSPF
9 -
FortiManager v4.0
8 -
FortiBridge
8 -
Admin
8 -
Security profile
8 -
Proxy policy
8 -
Web application firewall profile
8 -
4.0
7 -
FortiCache
7 -
Automation
7 -
trunk
6 -
Packet capture
6 -
IPS signature
6 -
Antivirus profile
6 -
Traffic shaping policy
6 -
System settings
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiDirector
5 -
DNS Filter
5 -
FortiPAM
5 -
FortiTester
5 -
Users
5 -
Port policy
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiDeceptor
4 -
FortiToken Cloud
4 -
FortiScan
4 -
Explicit proxy
4 -
Traffic shaping profile
4 -
Application signature
4 -
DLP sensor
4 -
DoS policy
4 -
Web rating
4 -
FortiInsight
3 -
FortiDB
3 -
FortiCWP
3 -
FortiHypervisor
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
Email filter profile
3 -
Fabric connector
3 -
File filter
3 -
Multicast routing
3 -
FortiAI
2 -
FortiNDR
2 -
Internet service database
2 -
Netflow
2 -
Protocol option
2 -
Replacement messages
2 -
Schedule
2 -
Service
2 -
VoIP profile
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
Kerberos
1 -
RIP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1279 | |
| 944 | |
| 681 | |
| 441 | |
| 177 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.