I have a FortiGate with explicit proxy enabled on it. I'm using FSSO as my authentication rule, in addition to LDAP; I have made this in one authentication rule. The idea of the setup is to have LDAP as a failover solution in case FSSO is not working.

Q: If I have policies in this order:

1st policy - specific user group using LDAP auth
2nd policy - all-users group, containing the above group, but with FSSO
3rd policy - same user group as above, using LDAP

And the group exists on the FSSO list and works - will LDAP work or not, i.e. the authentication page will not appear to enter credentials, right?

Also, in the user monitor I'm seeing that beside user wtittien authentication firewall, explicit proxy, although the user group is SSO.
Hi,
The scenario and words like "user wtittien" are not clear to me. However, if your authentication setting says that sso-auth-scheme is some authentication scheme with method set to fsso, then explicit proxy should use FSSO, and if the workstation IP you are testing from is already known to FSSO and listed, then traffic should be allowed according to the group membership of the user and the groups known from that source IP.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
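
The arrangement described in the reply above, as an added FortiOS CLI example that is not part of the original thread. The object names ("fsso-scheme", "ldap-scheme", "LDAP-SRV", "proxy-auth") are placeholders, and the LDAP active scheme is an assumption about the poster's setup:

```fortios
# Authentication schemes: one for FSSO, one for LDAP (placeholder names)
config authentication scheme
    edit "fsso-scheme"
        set method fsso
    next
    edit "ldap-scheme"
        set method basic
        # "LDAP-SRV" is a placeholder for an existing LDAP server object
        set user-database "LDAP-SRV"
    next
end

# Global default the reply refers to: sso-auth-scheme points at the FSSO scheme.
# active-auth-scheme is the scheme used to prompt for credentials when the
# source IP has no FSSO logon.
config authentication setting
    set sso-auth-scheme "fsso-scheme"
    set active-auth-scheme "ldap-scheme"
end

# The same pairing on a single authentication rule
config authentication rule
    edit "proxy-auth"
        set srcaddr "all"
        set ip-based enable
        set sso-auth-method "fsso-scheme"
        set active-auth-method "ldap-scheme"
    next
end

# Checks: is the test workstation's IP known to FSSO, and how was the
# proxy user actually authenticated?
diagnose debug authd fsso list
diagnose wad user list
```

If the workstation's IP appears in the FSSO list with the expected groups, the proxy has no reason to present a credential prompt for that source.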
Is it doable to configure FSSO as the primary method and LDAP as secondary in case FSSO didn't work?