Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mrandrew
New Contributor II

SSO and Web Filtering

I thought I read somewhere that a user could be part of multiple groups.  How do I handle exceptions with groups?  For instance, let's say that the "standard" web profile for all does not allow access to gmail.  Then, I get a new request from the boss to allow him to get to gmail.  How is this done with agent based FSSO?  What if I have the reverse?  Let's say that the "standard" web filter allows access to auction sites like ebay.  Then I get a request from a department head that requests all of his employees to be denied access to ebay.  How do I handle this?

 

Thanks,

 

Andrew

Andrew

Andrew
2 REPLIES 2
trubble
New Contributor

You can apply multiple policies, least restrictive at the top.  The first policy that matches the user's identity in the list (from top down) is the one applied to the user.  

 

You might create a Gmail User group, and place the Boss in that group.  Then clone your existing web profile, name it "standard + gmail" or something and add gmail as an exception under that profile. Then go to your policies, copy the existing policy and paste it just above then modify the top policy so that it is only applied to the Gmail User Group.

 

Now, when your boss logs in, the new policy is applies to him but the other users don't match this policy so they would move on to the next one which is your standard web profile.

 

Similarly, you can add the users from the department needing access to ebay to a new eBay User Group, clone the standard profile and make an exception for ebay, copy/paste the policy above the existing and apply it only to the eBay User Group.

 

That's essentially how we do it anyway.  

tcprado
New Contributor

I'm also having trouble with web filtering by user groups. Actually all I want to do is allow users of a certain group to surf the web and all unauthd users to be blocked by the last rule.

 

Labels
Top Kudoed Authors