ahull0
New Contributor

User based proxy policy

Hi,

I have inherited a network with a FortiGate explicit proxy with user-based policies. The users are LDAP users.

There is also an authentication rule/scheme connecting to the DC, method NTLM.

I googled and went through the cookbooks, but can someone explain to me what the relationship is between the user-based proxy policies and the NTLM auth rule?

The reason I ask is that there are proxy policies where the source subnet is not in the source field of the auth rule, but it seems the rules are working. I am trying to understand the goal of the authentication rule.

Falinao
New Contributor

It's great that you're actively researching and trying to make sense of the setup you've inherited. In the realm of network cleaning, understanding the intricacies of policies and authentication rules is essential for a smooth and efficient operation.

User-based proxy policies and NTLM authentication rules often work hand in hand to ensure secure and controlled access. Think of them as the dynamic duo of network hygiene.

User-based Proxy policies primarily focus on defining which users or LDAP users have access to specific resources through the proxy. They set the guidelines for who can do what in terms of web access, which is crucial for maintaining a clean and secure network environment.

hbac
Staff

Hi @ahull0

By "user based policies", are you referring to FSSO-based authentication? It depends on the authentication scheme/rule and whether you have "IP-based Authentication" enabled or not under the authentication scheme. You can refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explicit-proxy-with-NTLM-authentication/ta...

Regards,