Hai
Dear support,
Using FG-90D, how do i assign either specific IP or Group-of IPs having access to facebook?
Please help.
Thank you.
.d
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
hi,
and welcome to the forums.
The forums are a self-help platform from users and partners, run in their spare time, for exchange of experience and practices. If you expect the Fortinet support to help you, this is not the right place. With a valid support contract FTNT is obliged to assist you. Open a ticket at support.fortinet.com .
Anyhow, we would like to give you hints but I would ask you to supply more information. What are you planning to achieve? Are you talking about source addresses, destination addresses, NAT, ...? How is the application FB related to the problem?
Hai
Dear Ede,
a) Overall security policy blocks all social-sites.
b) for specific business need, i need certain user/users to have access to FB site.
Ques: How do i do that in FG-90D as i wish to have a Group setting and no need to add policy an IP at a time.
if there is a better way, hope you can advice.
Thank you.
Let's assume your FGT is running FOS v5.2 or v5.4 - please specify.
Use a policy with authentication! If you create a regular security policy, with source and destination addresses, service etc. from 'internal' to 'wan' then just add a (already configured) user group to 'source address'. Now, users have to first authenticate against the FGT and are then allowed to send traffic across that policy.
If the number of users is small, say up to 20 users, you can create local user accounts on the FGT. Or create remote authentication via MSAD/LDAP.
If you don't like that idea you could authenticate via the device ID. For that, device detection has to be enabled on the 'internal' interface. The disadvantage of this is that permission is tied to hardware, not knowledge.
You find all of this, concepts and examples, in the 'FortiOS Handbook' for your version, from docs.fortinet.com. Read into it to get inspired how these scenarios are handled with a FGT.
I'm not a sales person from FTNT but to identify all social-sites, which might keep changing, you need to have Fortiguard Web filtering service as mentioned in the cookbook.
http://cookbook.fortinet.com/blocking-social-media-using-fortiguard-categories-54/
You could also do a combination of a web filtering profile + Application Sensor (and CASI depending on which FortiOS version you are running) to allow access to Social Networking as a category and restrict access to specific social network sites via the Application sensor and CASI profile. I've even used these to restrict access to specific features within the social networking to make them read only (i.e. block posting, chat, and file upload).
Hope that helps
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.