Does anyone know if it is possible to use multiple authentication groups with the SSL VPN Portals?
If I have a user that is a member of several Groups it always tries to use the first one it finds in the policy for authentication.
I've tried enabling the auth-multi-group setting but it doesn't seem to have any effect for the SSL VPNs.
Thanks for any help or advice.
Can you clarify what you're trying to do? If you're looking at using multiple authentication methods, RADIUS vs. LDAP, I think the 1st authentication method would be selected.
Per the release notes on auth-multi-group, since you mention it.
Previously, when a user belonged to multiple user groups, this user could only access the group services that were within one group. With multiple group enforcement, a user can access the services within the groups that the user is part of.
For example, userA belongs to user_group1, user_group2, user_group3, and user_group4; previously userA could only access services within one of those four groups, typically the group that matches the first security policy. This can be annoying if HTTP access is in user_group1, FTP access is in user_group2, and email access is in user_group3. Now userA can access services within user_group1, user_group2, user_group3, and user_group4.
This feature is available only in the CLI and is enabled by default. It applies to RADIUS, LDAP, and TACACS+ servers. The new command for this feature is auth-multi-group found in config user settings and checks all groups a user belongs to for authentication.
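The difference the quoted release note describes, as an added example that is not part of the original thread and is not FortiOS code. It is a simplified model: the policy table, the function names and the DNS service for user_group4 are constructed assumptions, and real firewall policy matching also depends on interfaces, addresses and schedules.

```python
# Simplified model of first-match group binding versus multi-group enforcement.
# Constructed for illustration; this is not how FortiOS is implemented.
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    policy_id: int
    group: str
    service: str


# Constructed sample: ordered identity policies, evaluated top-down.
# Groups 1-3 follow the release note; the service for group 4 is assumed.
POLICIES = [
    Policy(1, "user_group1", "HTTP"),
    Policy(2, "user_group2", "FTP"),
    Policy(3, "user_group3", "EMAIL"),
    Policy(4, "user_group4", "DNS"),
]


def allowed_services(user_groups, policies, multi_group):
    """Return the services a user can reach, in policy order."""
    if multi_group:
        # Every group the user belongs to is checked against every policy.
        return [p.service for p in policies if p.group in user_groups]
    # Previous behaviour: the user is tied to the group of the first
    # policy that matches, and only that group's services apply.
    bound = next((p.group for p in policies if p.group in user_groups), None)
    return [p.service for p in policies if p.group == bound]


def unreachable_policies(user_groups, policies):
    """Policy IDs the user only reaches when multi-group checking is on."""
    legacy = set(allowed_services(user_groups, policies, multi_group=False))
    return [p.policy_id for p in policies
            if p.group in user_groups and p.service not in legacy]


if __name__ == "__main__":
    user_a = {"user_group1", "user_group2", "user_group3", "user_group4"}
    print("first match :", allowed_services(user_a, POLICIES, False))
    print("multi-group :", allowed_services(user_a, POLICIES, True))
    print("lost without:", unreachable_policies(user_a, POLICIES))
```

Running the same comparison against an export of real group memberships and policy order shows which users depend on the setting before it is changed.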