Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Sadhi_Jayz
New Contributor II

User Identification for Workspace One Proxy Users.

Hi All,

 

My Customer recently moved to a FortiGate from a Palo Alto firewall. Customer is using workspace one. It acts like a proxy (tunnels the traffic to the Workspace One server). All customer internet traffic comes to Workspace One server from a DNAT in FortiGate. Then those traffic go out by making the source IP of the workspace one server. I need to implement user based rules for users who are using workspace one when reaching internet. Also user identification need to be SSO. When I enable network detection in interfaces. Some users were detected like in the below image. Customer don't want to go with captive portals. what can I do for this. (For Citrix VDI environment We are using FSSO and TS Agent. it is working fine)

 

WorkSpace One.pngUser_ID.png

 

1 REPLY 1
jamesmid
New Contributor


@Sadhi_Jayzsurah yaseen pdf wrote:

Hi All,

 

My Customer recently moved to a FortiGate from a Palo Alto firewall. Customer is using workspace one. It acts like a proxy (tunnels the traffic to the Workspace One server). All customer internet traffic comes to Workspace One server from a DNAT in FortiGate. Then those traffic go out by making the source IP of the workspace one server. I need to implement user based rules for users who are using workspace one when reaching internet. Also user identification need to be SSO. When I enable network detection in interfaces. Some users were detected like in the below image. Customer don't want to go with captive portals. what can I do for this. (For Citrix VDI environment We are using FSSO and TS Agent. it is working fine)

 

WorkSpace One.pngUser_ID.png


To implement user-based rules for Workspace ONE proxy users without using captive portals, consider leveraging FortiGate's integration with Workspace ONE for user identification. Since you're already using FSSO and TS Agent in your Citrix VDI environment, you might explore extending this setup to include user identification for Workspace ONE users as well. You can also configure the FortiGate to capture SSO authentication events and map them to user sessions. This way, you can enforce policies based on user identity without requiring a captive portal.

fire kirin
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors