Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Previously, when a user belonged to multiple user groups, this user could only access the group services that were within one group. With multiple group enforcement, a user can access the services within the groups that the user is part of. For example, userA belongs to user_group1, user_group2, user_group3, and user_group4; previously userA could only access services within one of those four groups, typically the group that matches the first security policy. This can be annoying if HTTP access is in user_group1, FTP access is in user_group2, and email access is in user_group3. Now userA can access services within user_group1, user_group2, user_group3, and user_group4. This feature is available only in the CLI and is enabled by default. It applies to RADIUS, LDAP, and TACACS+ servers. The new command for this feature is auth-multi-group found in config user settings and checks all groups a user belongs to for authentication.
Please clarify what you're trying to do?
PCNSE
NSE
StrongSwan
Hi all, and sorry for resurrecting an old topic.
I have something similar to achieve. My goal is to create more than one group for VPN access:
1 for remote employees, 1 for contractors, 1 for admins. Each group is going to have a different level of access to the network and hosts.
So, in Active Directory I will create groups A, B and C and put users in those groups (none of the users will be in multiple groups).
Create groups on the FG under "Users & auth." - User Groups; the groups will be remote groups from AD. Under VPN - SSL VPN Settings - Authentication/Portal Mapping, throw all 3 groups to the proper portal.
Create at least 3 policies so that users can connect and access allowed resources.
Is this idea OK, or is there another way to achieve the goal?
Thank you!
I have the same question :), did you get an answer for this?
Hi,
Yes, it has been solved.
AD is needed, but mine was a RADIUS server as an authentication service.
All groups intended for VPN need to be mapped into a portal; after that, just put them into the FW policy as intended.
Cheers!
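The approach described in the posts above (one remote group per role, each mapped to its own SSL VPN portal and then referenced in its own firewall policy), written out as a FortiOS CLI sketch. This is an added example, not configuration posted by anyone in the thread; the group, portal, server, interface and address names and the AD distinguished name are all placeholders, and the LDAP server entry, the three portals and the address object are assumed to exist already.

```fortios
# Constructed example: every name, DN and address object below is a placeholder.
# One remote group per role; vpn-employees and vpn-admins are defined the same way.
config user group
    edit "vpn-contractors"
        set member "corp-ldap"
        config match
            edit 1
                set server-name "corp-ldap"
                set group-name "CN=VPN-Contractors,OU=Groups,DC=example,DC=com"
            next
        end
    next
end

# Authentication/Portal Mapping: each group lands on its own portal.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "vpn-employees"
            set portal "portal-employees"
        next
        edit 2
            set groups "vpn-contractors"
            set portal "portal-contractors"
        next
        edit 3
            set groups "vpn-admins"
            set portal "portal-admins"
        next
    end
end

# One policy per group; this one limits contractors to a single set of hosts.
config firewall policy
    edit 0
        set name "sslvpn-contractors"
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "contractor-app-servers"
        set groups "vpn-contractors"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

A group that is mapped to a portal but appears in no firewall policy from the SSL VPN interface gets no access, so the per-group policies are where the different access levels are actually enforced.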
Copyright 2024 Fortinet, Inc. All Rights Reserved.