trubble
New Contributor

Web-based authentication fallback

Greetings!

We use FSSO for authentication and identity-based policies. We have a catch-all policy in place which provides minimal access to the Web for users/machines not authenticated via FSSO.

I'd like our catch-all policy to instead prompt for web-based authentication against LDAP so that the proper policies can be applied to the user.

Can this be done?

1 REPLY
fortitrolol
New Contributor

Yes, it can be done.

Edit: I guess I could tell you how.

I assume you're on 5.2, but even if you're still riding the 5.0 train it's very similar.

You'll need to create an LDAP connection and then create an LDAP group. Once this is done you create your policy for authentication (which it sounds like you already have).

In 5.0 you would create a sub-policy underneath the policy with FSSO authentication. In that policy, instead of using an FSSO group, you would in turn use the LDAP group you created.

In 5.2 you would just add the LDAP group to the policy that each associated FSSO group is in. This way it will fall to the captive portal in case FSSO dinks up on you.

Also, make sure the sequential order is proper and you should be golden.
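
The 5.2 steps described in the reply above, as an added FortiOS CLI sketch that is not part of the original thread. The server address, DNs, object names, bind account and policy ID are placeholders, and the existing FSSO group is assumed to be called "fsso-web-users"; the LDAPS settings are an added hardening choice so the bind and user credentials are not sent to the directory in cleartext.

```fortios
# Constructed example for FortiOS 5.2; every name and address is a placeholder.

# 1. LDAP connection (LDAPS so credentials are encrypted in transit)
config user ldap
    edit "corp-ldap"
        set server "192.0.2.10"
        set secure ldaps
        set port 636
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=svc-fortigate,ou=service,dc=example,dc=com"
        set password <bind-password>
    next
end

# 2. Firewall user group backed by that LDAP server, limited to one directory group
config user group
    edit "ldap-web-users"
        set member "corp-ldap"
        config match
            edit 1
                set server-name "corp-ldap"
                set group-name "cn=web-users,ou=groups,dc=example,dc=com"
            next
        end
    next
end

# 3. Add the LDAP group next to the FSSO group on the existing identity policy,
#    so users FSSO did not identify are sent to the captive portal
config firewall policy
    edit <policy-id>
        set groups "fsso-web-users" "ldap-web-users"
    next
end
```

The identity policy has to sit above the catch-all policy in the sequence, otherwise unauthenticated traffic matches the catch-all first and is never prompted.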

 
