Created on 07-04-2024 02:05 AM Edited on 08-09-2024 12:07 AM By Jean-Philippe_P
If I want to create a policy where an AD user, for example USER1, cannot access a specific website like Facebook. Is there a guide on how to create a firewall policy like this: Source: USER1 Dest All Web Filtering: Block_Facebook? I really need specific instructions on this. I am using FSSO in Fortigate. This user is From AD DOMAIN CONTROLLER
#FortiGate
Hello @Liza1 ,
Actually there is no big difference in FSSO rule configuration. If your FSSO service works properly, you need to add the FSSO user group to the source area in the rule configuration. I couldn't find anything directly about it but I tried to show it on my firewall configuration.Also you can review this document for FSSO.
i write this is it right? but i dont have traffic in this policy. maybe its problem of FSSO connection with AD server?
Hello @Liza1 ,
Your configuration is correct but I think your user object is wrong. Normally, FSSO user icon should be like this.
When I reviewed your screenshot, I saw your user object is a local user. This user type needs active authentication. Because of that, you can't use this user object for FSSO.
To create an FSSO user, you can follow this document.
Configure local user group using FSSO user group and user that local firewall user group on the Firewall policy
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.