Hello all,
I have a Fortigate 200D with user identity firewall policies. User groups are using remote groups in Active Directory for authentication.
I need to enable non domain users (guest) to be prompted for username/pwd when they try to access internet.
AAA server is configured on the Fortigate for remote authentication of guest accounts.
I created a firewall policy with "Guest_Users" as Source User. This policy is placed at the bottom of the rules from LAN ---> WAN1, with the appropriate UTM features.
However, non domain users are not getting any prompt when trying to browse. They are simply blocked (by rule 0).
Am I missing anything?
Regards,
Jaures.
Can you post a screenshot (sans any identifiable IPs) showing your firewall policy list, including the column headers? Something like the following:
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Hello Dave,
please see attached.
Seq #2 is a temporary rule. The FortiGate is already in a production environment, so I had to do that for all users to access the internet for now. I do the testing for other policies after working hours.
Seq #10 is the Guest_Users policy.
Seq #11 is a general web access policy for all domain users to access specific web sites only.
Regards,
Jaures.
Hello Dave,
Note also that NAT is disabled on all policies because the FortiGate is behind an edge router that is performing the NAT.
When testing my policies, I disable seq #2 and enable seq #10 and #11.
Regards,
Jaures.
Hello Dave,
I figured out how to enable the login prompt for non domain users. I made that policy the last on the list, from LAN to WAN1... Now non domain users are prompted for credentials before they can browse.
I want to use remote servers (AAA server) for user authentication. I created a RADIUS server on the FortiGate and the test is successful. When users use their Active Directory credentials, authentication fails. But when they use a local account I created on the FortiGate, authentication is successful.
Any idea on this, please?
Regards,
Jaures.
Hello All,
Remote authentication using AAA server worked now, when users are prompted for username/password before browsing. I had to change the conditions/constraints on the windows NPS server.
Thank you Dave, for your help.
Jaures.
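For readers following this thread, here is the FortiOS CLI equivalent of the working setup Jaures describes (RADIUS server object backed by Windows NPS, a user group that references it, and the identity policy kept last among the LAN to WAN1 policies). This is an added example, not configuration posted in the thread; the object names, the interface names, the NPS address and the shared secret are placeholders.

```fortios
# Added example (not from the thread). Names, IPs and the secret are placeholders.

# 1. RADIUS server object pointing at the Windows NPS server
config user radius
    edit "NPS-RADIUS"
        set server "192.0.2.10"        # placeholder NPS address
        set secret "<shared-secret>"   # placeholder, must match the RADIUS client entry on NPS
        set auth-type pap              # the scheme used must be permitted by the NPS network policy constraints
    next
end

# 2. Group whose members are whatever accounts the RADIUS server accepts
config user group
    edit "Guest_Users"
        set member "NPS-RADIUS"
    next
end

# 3. Identity-based policy. Keep it LAST among LAN -> WAN1 policies so that
#    unauthenticated traffic is not matched by an earlier "any user" accept
#    policy (such as the temporary seq #2) and instead triggers the login prompt.
config firewall policy
    edit 10
        set name "Guest_Internet"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "Guest_Users"
        set nat disable                # edge router performs NAT, as in the thread
        set utm-status enable
        set logtraffic all
    next
end

# 4. Verify that NPS accepts an AD account before relying on the policy.
#    Username and password below are placeholders.
diagnose test authserver radius NPS-RADIUS pap jdoe "<password>"
```

The `diagnose test authserver` command sends a real Access-Request to the configured server and reports whether it returned Access-Accept or Access-Reject, which isolates the NPS side of the problem: an account that is local to the FortiGate never touches the RADIUS server, so "local works, AD fails" points at the NPS client entry, the authentication method allowed by the network policy, or its conditions (group membership, NAS identifier and similar constraints) rather than at the firewall policy itself.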