Created on 07-04-2024 02:05 AM Edited on 08-09-2024 12:07 AM By Jean-Philippe_P
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Web Filtering and FSSO
If I want to create a policy where an AD user, for example USER1, cannot access a specific website like Facebook. Is there a guide on how to create a firewall policy like this: Source: USER1 Dest All Web Filtering: Block_Facebook? I really need specific instructions on this. I am using FSSO in Fortigate. This user is From AD DOMAIN CONTROLLER
#FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Liza1 ,
Actually there is no big difference in FSSO rule configuration. If your FSSO service works properly, you need to add the FSSO user group to the source area in the rule configuration. I couldn't find anything directly about it but I tried to show it on my firewall configuration.Also you can review this document for FSSO.
NSE 4-5-6-7 OT Sec - ENT FW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i write this is it right? but i dont have traffic in this policy. maybe its problem of FSSO connection with AD server?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Liza1 ,
Your configuration is correct but I think your user object is wrong. Normally, FSSO user icon should be like this.
When I reviewed your screenshot, I saw your user object is a local user. This user type needs active authentication. Because of that, you can't use this user object for FSSO.
To create an FSSO user, you can follow this document.
NSE 4-5-6-7 OT Sec - ENT FW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Configure local user group using FSSO user group and user that local firewall user group on the Firewall policy