Hi all,
we have a problem with explixit webproxy in combination with kerberos. Problem is that our client pc or laptop had services that are contacting the firewall befor user is logged in with ad credentials. So we see on the fortigate in firewall user monitor not the user but the the hostname of the laptop (for example laptop1234$@test.local)(picture enclose). Now if the user is logging in and open a browser he will see an autentication failure. If we do an manual deautenticate of the laptop1234$ in firewall user monitor and than the user is opening a browser window everything is working fine.
That is only happening if we have ip-based enabled. If we disable ip-based this problem not happen but we have other problems with applications that are not like webproxy. So we have to use ip-based.
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.