imran
New Contributor

User Authentication on Fortinet

I am using a FortiGate 1000C and I have users on the network who browse the internet after successful authentication. But the problem is that another user can also use some other user's password to browse the internet. I want to have the user session at only one workstation on the network. If someone else uses the same credentials, it shouldn't log in.

 

 
emnoc
Esteemed Contributor III

So how does another user gain the other user's credentials? A user's credentials should be unique to that specific user and not shared. I don't think user-based policy will control that specific level in a dynamic address topology.

 

PCNSE 

NSE 

StrongSwan  

imran
New Contributor

The other user can't gain them. Actually, we have applied different policies on different groups. Some users share their usernames/passwords with their so the other one can access the websites/applications. We want to activate the user at only one workstation rather than having sessions on different

xsilver_FTNT

Hello,

I'm sorry, but that seems to me like bad security design in the first place.

However, some hints on that topic:

- What about using per-source-IP policies, so that authentication is required for a specific user group and selected workstations based on their IP addresses? I hope that you at least enforce and have control over IP addressing or DHCP, so you know, can predict and can enforce per-source-IP policies?

- Or what about FSSO + a local user with the Workstation parameter set, so FSSO should be allowed for that user just from his workstation name?

There are definitely some ways, but in general I would NOT recommend sharing accounts in any way. If you wanna share/allow access through identity-based policy for more users, then simply put them into the allowed group. This way you can change the allowed users at any time just by changing the members of the group.

 

Hope it helped a bit. Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

MikePruett

Yeah, tighten ship on the password sharing and do what Silver suggests and you will be on your way.

Mike Pruett Fortinet GURU | Fortinet Training Videos
ede_pfau

I think I remember that there is a (global) setting which prohibits multiple logins per user (there is one for admins also). That should do the trick. Scan the CLI Reference Guide for "concurrent"...


Ede


"Kernel panic: Aiee, killing interrupt handler!"
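Added example, not part of any post in this thread: a FortiOS CLI sketch of the concurrent-login limit the last reply points to, shown as the global setting and as a per-group override. The group name `web-users` is hypothetical, and option availability differs between FortiOS releases, so confirm each setting in the CLI Reference Guide for your version.

```text
# Global limit on concurrent firewall-authentication logins per user.
# The default of 0 means no limit, which is what lets a shared
# username be logged in from several workstations at once.
config system global
    set policy-auth-concurrent 1
end

# Per-group override, for limiting only selected groups while the
# global value stays at its default.
# "web-users" is a hypothetical group name used for illustration.
config user group
    edit "web-users"
        set auth-concurrent-override enable
        set auth-concurrent-value 1
    next
end

# Verify what is currently configured
show full-configuration system global | grep concurrent
```

The limit only caps simultaneous sessions per username; it does not tie an account to one workstation, which is what the source-IP policy and FSSO Workstation suggestions earlier in the thread address.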