Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Liza1
New Contributor III

Created on ‎07-04-2024 02:05 AM Edited on ‎08-09-2024 12:07 AM By Moderator

Web Filtering and FSSO

If I want to create a policy where an AD user, for example USER1, cannot access a specific website like Facebook. Is there a guide on how to create a firewall policy like this: Source: USER1 Dest All Web Filtering: Block_Facebook? I really need specific instructions on this. I am using FSSO in Fortigate. This user is From AD DOMAIN CONTROLLER

#FortiGate 

864
0 Kudos
4 REPLIES 4
ozkanaltas
Valued Contributor III

Created on ‎07-04-2024 03:57 AM

Hello @Liza1 ,

 

Actually there is no big difference in FSSO rule configuration. If your FSSO service works properly, you need to add the FSSO user group to the source area in the rule configuration. I couldn't find anything directly about it but I tried to show it on my firewall configuration.Also you can review this document for FSSO. 

 

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/576158/configuring-fsso-fire...

 

 image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
831
Liza1
New Contributor III
In response to ozkanaltas

Created on ‎07-04-2024 05:17 AM

i write this is it right? but i dont have traffic in this policy. maybe its problem of FSSO connection with AD server?
Screenshot 2024-07-04 161609.png

821
0 Kudos
ozkanaltas
Valued Contributor III
In response to Liza1

Created on ‎07-04-2024 05:38 AM

Hello @Liza1 ,

 

Your configuration is correct but I think your user object is wrong. Normally, FSSO user icon should be like this.

 

image.png

 

When I reviewed your screenshot, I saw your user object is a local user. This user type needs active authentication. Because of that, you can't use this user object for FSSO. 

 

To create an FSSO user, you can follow this document. 

 

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/576158/configuring-fsso-fire...

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
815
Shashwati
Staff
Staff

Created on ‎07-04-2024 08:12 AM

Configure local user group using FSSO user group and user that local firewall user group on the Firewall policy

786
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.