Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sekoya
New Contributor

Web Filter on specific windows account

Dear community,

 

I'm woking in a company where20 users use a same windows account named : "call"

 

Is there a way to restrict internet access to this user only with fortigate? 

 

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/13383/creating-a-web-filter-profile

 

I have found that but it filter for each users and I need to restrict only this Windows user named "call"

 

KR

1 Solution
seshuganesh
Staff
Staff

You can use this article for ad link to fortigate firewall:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Captive-portal-and-LDAP-authentication/ta-...

 

If you want only google searches you can create one webfilter profile block all categories and in the same webfilter profile >> create url filter >> static >> *google.com*>>type:wild card>>action exempt>>enable

Then select the created web filter profile in the specific firewall policy.

 

Please check if its working or not

View solution in original post

3 REPLIES 3
seshuganesh
Staff
Staff

Hi Team,

 

If i am not wrong, you want to block the "call" user irrespective of ip address from which he has logged in?

Please confirm

If so, you can create firewall policy on top, with source to destination "deny", with source as specific ip address of machines and username "call" and destination as "all"

I wanted to know how you are authenticating those users ? how the firewall will recongnize that user?

If you give firewall policy as i mentioned, captive portal page will be shown for all those users, user has to give username firewall will identify that user in it database or you can configure ldap for captive portal authentication :
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Captive-portal-and-LDAP-authentication/ta-...

 

sekoya

If i am not wrong, you want to block the "call" user irrespective of ip address from which he has logged in?

Yes exactly.

But this user "call" needs to have some internet access like simple google researches etc.

How to link my AD  users with fortigate ?

seshuganesh
Staff
Staff

You can use this article for ad link to fortigate firewall:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Captive-portal-and-LDAP-authentication/ta-...

 

If you want only google searches you can create one webfilter profile block all categories and in the same webfilter profile >> create url filter >> static >> *google.com*>>type:wild card>>action exempt>>enable

Then select the created web filter profile in the specific firewall policy.

 

Please check if its working or not

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors