Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JP57
New Contributor II

SSL VPN client policies without EMS

Is it possible...without EMS to be able to apply specific policies based on whether or not a client PC is domain attached?  We have a 201F setup with SSL VPN access and basic policies in place to access internal resources.  We're using the free FortiClient VPN-only and don't have EMS.  However, it would be GREAT to be able to do something like...IF the client is domain-joined to our on-prem AD, then allow it full access.  IF the client is NOT domain joined, limit to RDP.

3 REPLIES 3
AEK
Honored Contributor

I think you are looking for FSSO. This allows you to create policies based on domain users that are logged on domain-joined clients.

If this is what you need then you can start here:

https://docs.fortinet.com/document/fortigate/7.0.3/administration-guide/450337/fsso

AEK
AEK
JP57
New Contributor II

I do have SSO setup.  Using that to authenticate users.  All users have AD accounts.  We do allow users to have the VPN client on their personal computers.  These are the ones that I want to limit to RDP.  So, basically I can have SSO check if the computer is domain joined or not?  

AEK
Honored Contributor

I don't think FSSO works on PC that is not part of a domain. I mean a user can only open an AD session on a domain joined computer, otherwise it is not an AD session and so it can't be FSSO.

AEK
AEK
Labels
Top Kudoed Authors