Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Web Filter precedence with membership to multiple groups
Hi all,
I looked through the forum and searched but couldn' t find anything on this topic. I am going to be setting up web filtering based off of active directory group membership. This will be on a Fortigate 100D running v5.0,build4429
What I need to know is how group membership will be treated. Will it be the most restrictive or the most permissive. I need to know how I should approach setting up policies. A new default policy that is very restrictive and then groups to allow access. Or a liberal policy then restrict based on groups.
What happens if the user is a member of multiple groups, does the most permissive setting applied or the most restrictive?
Thanks!
- « Previous
-
- 1
- 2
- Next »
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
What I mean is very simple...
What if a user is member of two groups ?
Regards,
HA
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What if a user is member of two groups ?The first matching rule (group) will decide which profile is being used. Within an authentication policy there is also an order of the rules... lets say group A - Webfilter Profile A group B - Webfilter Profile B group C - Webfilter Profile C If a user is in all groups - the Webfilter Profile A is being used. If the user is in group B+C -> WF Profilte B is being used and so on... Therefore you need to take care, that groups with more access rights sit on top of your auth policy.
I have also verified with support that only singular group membership is supported.This is not true! This was with earlier firmware - But actual software allows you to have users in multiple groups!

- « Previous
-
- 1
- 2
- Next »