Hello all, Please, I found this workaround to prevent a CSRF attack on the SSL
VPN web portal: Syntax:
    config vpn ssl settings
    set check-referer [enable|disable]
    end
Unfortunately, this does not seem to be supported on
FortiOS 5.2. I am currently using FortiOS 5...
Hello all, I have a customer who is using Forticlient for SSO in his
environment. He does not want the AV feature of the Forticlient. He
installed the Forticlient using a .msi file I generated with
FortiAuthenticator settings embedded, and AV disabled...
Hello all, I have a Fortigate 200D with user identity firewall policies.
User groups are using remote groups in Active Directory for
authentication. I need to enable non-domain users (guest) to be prompted
for username/pwd when they try to access inter...
Hello all, I have to implement policies on a Fortigate 200D (running
version 5.2.2). First, I need to allow all LAN users access to some
websites they need for work. Some of the websites are specific
(www.google.com), some of them use wildcard (ie *.fo...
Hello all, I have a Fortigate behind an edge router. The edge router is
doing NAT for internal servers and internal users. Internal servers are
connected to the DMZ interface on the Fortigate. Internal users are
connected to the INSIDE interface. The OU...
Hello All, Remote authentication using AAA server worked now, when users
are prompted for username/password before browsing. I had to change the
conditions/constraints on the Windows NPS server. Thank you Dave, for
your help. Jaures.
Hello Dave, I figured out how to enable to prompt login page for non-domain
users. I made that policy the last on the list, from LAN to
WAN1... Now non-domain users are prompted for credentials before they
can browse. I want to use remote servers (AAA ...
Hello Dave, note also that NAT is disabled on all policies because the
Fortigate is behind an edge router that is performing the NAT. When
testing my policies, I disable seq #2, and enable seq #10 and #11.
Regards, Jaures.
Hello Dave, please see attached. Seq #2 is a temporary rule. The Fortigate
is already in a production environment, so I had to do that for all
users to access internet for now. I do the testing for other policies
after working hours. Seq #10 is the Gues...