Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sekoya
New Contributor

Created on ‎05-16-2022 04:21 AM Edited on ‎05-16-2022 04:25 AM

Web Filter on specific windows account

Dear community,

 

I'm woking in a company where20 users use a same windows account named : "call"

 

Is there a way to restrict internet access to this user only with fortigate? 

 

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/13383/creating-a-web-filter-profile

 

I have found that but it filter for each users and I need to restrict only this Windows user named "call"

 

KR

Labels:
1614
0 Kudos
1 Solution
seshuganesh
Staff
Staff

Created on ‎05-17-2022 04:34 AM

You can use this article for ad link to fortigate firewall:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Captive-portal-and-LDAP-authentication/ta-...

 

If you want only google searches you can create one webfilter profile block all categories and in the same webfilter profile >> create url filter >> static >> *google.com*>>type:wild card>>action exempt>>enable

Then select the created web filter profile in the specific firewall policy.

 

Please check if its working or not

View solution in original post

1575
0 Kudos
3 REPLIES 3
seshuganesh
Staff
Staff

Created on ‎05-16-2022 06:07 AM

Hi Team,

 

If i am not wrong, you want to block the "call" user irrespective of ip address from which he has logged in?

Please confirm

If so, you can create firewall policy on top, with source to destination "deny", with source as specific ip address of machines and username "call" and destination as "all"

I wanted to know how you are authenticating those users ? how the firewall will recongnize that user?

If you give firewall policy as i mentioned, captive portal page will be shown for all those users, user has to give username firewall will identify that user in it database or you can configure ldap for captive portal authentication :
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Captive-portal-and-LDAP-authentication/ta-...

 

1558
0 Kudos
sekoya
New Contributor
In response to seshuganesh

Created on ‎05-16-2022 11:32 PM

If i am not wrong, you want to block the "call" user irrespective of ip address from which he has logged in?

Yes exactly.

But this user "call" needs to have some internet access like simple google researches etc.

How to link my AD  users with fortigate ?

1541
0 Kudos
seshuganesh
Staff
Staff

Created on ‎05-17-2022 04:34 AM

You can use this article for ad link to fortigate firewall:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Captive-portal-and-LDAP-authentication/ta-...

 

If you want only google searches you can create one webfilter profile block all categories and in the same webfilter profile >> create url filter >> static >> *google.com*>>type:wild card>>action exempt>>enable

Then select the created web filter profile in the specific firewall policy.

 

Please check if its working or not

1576
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.