Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nsumner
New Contributor

Terminal Server + Virtual IP

I have a rather restrictive FSAE policy in which most users get a white list and some get a basically open internet. We have a terminal server and would like to give different users different permissions. Is this possible now with Virtual IPs on the terminal server?
6 REPLIES 6
nsumner
New Contributor

Any ideas?
natech
New Contributor

It should be; I' m about to load up a test environment this week and try it out.
FortiAdam
Contributor II

There are a couple different ways to accomplish what you are asking for. If your terminal server is compatible with the Fortinet Terminal Server Agent I would suggest going with that. I will watch who logs in and allocate ports for each individual user. It then reports to your FSSO Collector which users are using which sessions. You can download this in the same area that you would download firmware updates. Your other option is to install the Forticlient and create endpoint profiles with webfiltering enabled that apply to each user just as your normal policies would. I have had mixed success with the Forticlient. It will enable Anti-Virus protection on a default installation so make sure you don' t have any other AV running that might conflict with this. Once it is installed you can disable the AV function and just do webfiltering.
HA
Contributor

Hello, Another solution is to enable explicit proxy on the FGT appliance. Next, create an identity (web proxy) policy rule and enable NTLM auth. Regards, HA
nsumner
New Contributor

FortiAdam the question is will that work without Citrix! It is perfectly unclear to me that it will. HA: Definitely an interesting solution I will need to look into! I prefer using the agent but that could definitely work.
FortiAdam
Contributor II

I have had success with the TS Agent on servers with and without Citrix.
Labels
Top Kudoed Authors