Hello, we have an annoying issue here with user authentication to an IIS server through a FortiGate 240D (FortiOS 5.2.3) cluster.
I have made a policy that allows connections from the internet for the user group rds-users:
source interface: wan1
source address: all
source users: rds-users
outgoing interface: inside
destination address: VIP of IIS server (static NAT)
What happens is that, when you connect to this VIP address from the internet, you get the Fortinet authentication portal, where you have to enter your (AD) username, password and FortiToken. When successfully authenticated, you can enter the company web portal.
This works great, however... The next user that originates from the same public IP address doesn't have to go through the authentication and is directly redirected to the web portal (!)
I haven't found a workaround for this yet. Maybe someone has an idea how to solve this issue?
Thank you and regards,