I'm looking for a way to block applications based on the "Hostname", but
the "Hostname" has a space in it. For example, there is a Just Proxy VPN
that is getting through our firewall. If I filter the Application
Control log, the Application is SSL_TL...
We have 5.4.4 and FSSO (AD) on our Windows computers. We had to disable
fast user switching because FSSO didn't always pick the right profile
when the users switched on that computer. However, we have a few people
who are asking if it's a possible to...
I have a Windows 10 machine with FortiClient 5.2 set with SSL-VPN Remote
Access set to "Enable VPN before logon". At my Windows 10 logon prompt,
I have 3 boxes - Windows username & password, and a dropdown so I can
choose either the saved VPN or 'non...
I've read the forums and can't find a similar request.
https://forum.fortinet.com/tm.aspx?m=133794 comes close but there are no
responses there. All our devices get authenticated - even if it just
drops to SSO_Guest_users as "guest". We don't current...
This worked for a while...but then it seemed to break my HA so I removed
them. I switched from Active-Active to Active-Passive until I can get
upgraded to 5.6 to see if that helps my HA (waiting on Fortianalyzer 5.6
firmware). In the meantime, I took...
I added that one and a couple more that were getting through - I
mistakenly thought that because I set the app_cat to 6 ("Proxy") which
is already a blocked category that would be enough. But I had to
explicitly add that custom signature to my Applic...
You can do this, we do similar; we use FSSO with the DC agent on our
Windows domain controller, but the situation you list is similar to our
iPads - our iPads get the "student" (guest) policy which is more
restricted and it can be overrode but has no...
Props to AlexFeren for the info on how to do this - I used that info and
expanded on it to give me what I needed. You need to use Deep/Full SSL
inspection to restrict on the words in the URL, and if you deploy
certificates I think it is easier to con...
