Hi All,
My Customer recently moved to a FortiGate from a Palo Alto firewall. Customer is using workspace one. It acts like a proxy (tunnels the traffic to the Workspace One server). All customer internet traffic comes to Workspace One server from a DNAT in FortiGate. Then those traffic go out by making the source IP of the workspace one server. I need to implement user based rules for users who are using workspace one when reaching internet. Also user identification need to be SSO. When I enable network detection in interfaces. Some users were detected like in the below image. Customer don't want to go with captive portals. what can I do for this. (For Citrix VDI environment We are using FSSO and TS Agent. it is working fine)
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
@Sadhi_Jayzsurah yaseen pdf wrote:Hi All,
My Customer recently moved to a FortiGate from a Palo Alto firewall. Customer is using workspace one. It acts like a proxy (tunnels the traffic to the Workspace One server). All customer internet traffic comes to Workspace One server from a DNAT in FortiGate. Then those traffic go out by making the source IP of the workspace one server. I need to implement user based rules for users who are using workspace one when reaching internet. Also user identification need to be SSO. When I enable network detection in interfaces. Some users were detected like in the below image. Customer don't want to go with captive portals. what can I do for this. (For Citrix VDI environment We are using FSSO and TS Agent. it is working fine)
To implement user-based rules for Workspace ONE proxy users without using captive portals, consider leveraging FortiGate's integration with Workspace ONE for user identification. Since you're already using FSSO and TS Agent in your Citrix VDI environment, you might explore extending this setup to include user identification for Workspace ONE users as well. You can also configure the FortiGate to capture SSO authentication events and map them to user sessions. This way, you can enforce policies based on user identity without requiring a captive portal.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.