Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Anne
New Contributor III

Web Filtering for AD and non AD users

Hi there, We have got Fortinet 310B v 5.0.3. One of our customers wants to setup Fortigate Web Filtering using Security Profiles. They use AD authentication for some users and thin clients for others. The users who use thin clients do not have any AD credentials and get DHCP assigned ip addresses. The web filtering requirements are pretty basic. I know how to do it for the users with AD accounts but how can we implement for users without AD accounts. If I create an identity based policy and apply web filter to it, I know it would work for AD users which would allow/block them for from accessing web sites What I wanted to know is if I used the same web filter and create a simple policy to allow all to the internet, would it allow the non AD users to browse internet as per the applied web filter or simply block as per the previous rule. Thanks Anne
6 REPLIES 6
rwpatterson
Valued Contributor III

Non AD users would be shown as ' Guest_FSSO_User' (or something similar). They can be part of an identity based policy as such and can be acted on accordingly.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Anne
New Contributor III

Thanks Bob. Can you please elaborate this a little bit. Is there any example to refer to?
rwpatterson
Valued Contributor III

When you go to create your User Groups, there is a default that cannot be deleted. That group cannot be edited. It' s purpose is to capture anyone else that isn' t authenticated.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Anne
New Contributor III

Thank you very much. I had no idea about this. Also, is it possible to upload whitelist from web marshal to fortigate directly without having to manually create one.
rwpatterson
Valued Contributor III

I' m not familiar with Web Marshal. I can' t answer that one.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Dipen
New Contributor III

If " Thin Clients" are limited in Number you can use Device Based Policy for them. Create Devices Manually using MAC Addresses and finally a Device Group. Then u create a Device based policy with UTM Filters as required.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 

Ahead of the Threat. FCNSA v5 / FCNSP v5 Fortigate 1000C / 1000D / 1500D
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors