I have a rather restrictive FSAE policy in which most users get a white list and some get a basically open internet. We have a terminal server and would like to give different users different permissions.
Is this possible now with Virtual IPs on the terminal server?
There are a couple different ways to accomplish what you are asking for. If your terminal server is compatible with the Fortinet Terminal Server Agent I would suggest going with that. I will watch who logs in and allocate ports for each individual user. It then reports to your FSSO Collector which users are using which sessions. You can download this in the same area that you would download firmware updates.
Your other option is to install the Forticlient and create endpoint profiles with webfiltering enabled that apply to each user just as your normal policies would. I have had mixed success with the Forticlient. It will enable Anti-Virus protection on a default installation so make sure you don' t have any other AV running that might conflict with this. Once it is installed you can disable the AV function and just do webfiltering.
FortiAdam the question is will that work without Citrix! It is perfectly unclear to me that it will.
HA: Definitely an interesting solution I will need to look into! I prefer using the agent but that could definitely work.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.