Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Ways to Authenticate Users for Web Filtering

Currently the FGT is setup with LDAP and I'm able to add admin users to the firewall for authentication for management.  Is there a way, if for example the FGT is, to have end users go to and sign in with their credentials on the FGT in tab 1 of their browser, and then launch tabs 2-5 for instance and the authentication credentials from tab 1 carry over?  So users don't have to authenticate for every website they visit.  I know about FSSO but that's not an option at this point (5 computers all logged in as admin but with 5 different users actively using the computers so it needs to be based on the person who's launching the browser).  I was thinking of enabling NTLM fallback for authentication on all the outbound policies but not sure that correct solution.  Also, how deep would nested groups be supported in this scenario?

New Contributor II

Hello, have a look at ip based authentication as authentication scheme. So you only have to login one time, when first trying to surf to an website. Afterwards the clients is still authenticated until idle timeout occurs.



Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors