Greetings Experts:
--Help. I'm a consultant who recently inherited an Internet lock down project for an important client from two colleagues who left our firm before finishing said project. It's quite a mess; the client is peeved; I'm confused (and irked at my former co-workers).
--The goal is to have three levels of Internet access based on user groups. What is the best way to do this? It looks like most of the configuration is done (see Notes below) except for the actual policies.
-- Do I need the FortiClient? I didn't see a way to accomplish my goals with firewall policies or UTM, etc., after reading through the 4.0 admin guide as well as the FSAE guide and the knowledge base.
--I'm relatively new to advanced Fortigate configurations. However, I have set up other Fortigates to restrict Internet access globally with firewall policies and FortiGuard services.
--Please let me know if you need more info. I'm grateful for any and all advice.
Patrick
NOTES
--Goal:
Group 1 = Allow all
Group 2 = Allow all, blacklist a few sites
Group 3 = Deny all, but white list a few sites
--Device Info:
Fortigate 100A (OS 4.0 MR1 Patch 4)
--Config Info:
AD Security Groups created.
FSAE installed (LDAP mode) on Win 2K3 DC.
Local, Directory Service and User Groups created on the 100A.