Firewall authentication for specifik policies is really useful, in that
it is easy to force users to authenticate before accessing a specific
webserver. However, there is a snag if multiple users share the same IP
address. This could be due to using ...
FortiClientEMS is pushing 6.4.5 to Macs which were on 6.4.4, but every
time the user accepts the upgrade, it ends in "FortiClient upgrade
failed! Can not extract install file." It seems to happen no matter the
Macos version. Manually downloading the ...
I am wondering how to achieve the following setup, which is really easy
with IPSEC. For various unfortunate reasons it has to be done with
SSL-VPN instead. Client is FortiClient on various platforms, centrally
managed by EMS (but I do not think EMS m...
The problems mostly stopped after all clients got to 7.0.x, so I haven't
pursued it further. I think the problem is the version you are upgrading
FROM, not the one you upgrade TO. So once you are on 7.0.x, you should
hopefully see much smoother upgra...
Official advice from support is that the Fortigate cannot do this.
Firewall authentication is strictly per-IP, so any IP sharing results in
everyone getting access. FortiWeb should be able to, according to
specifications, but I have not tested.
The only "workaround" is to give the FortiClientEMS server a public IP
address and let the clients connect to that over the Internet. Except
they still lose connection and eventually license anyway, at least with
6.4.1.
I am hitting the problem you highlighted: I cannot distinguish between
the realms in the policy, and so the Fortigate will not let me create
the mapping. Just like you predicted. I am proceeding with the
workaround of making two groups. I have to say...