User based proxy policy

ahull0 · ‎08-31-2023

Hi,

I have inherited a network with Fortigate explicit proxy with user based policies. The users are LDAP users.

There is also an authentication rule/scheme connecting to the DC method NTLM.

I googled and went trough the cookbooks, but can someone explain to me what the relationship is between the user based Proxy policies and the NTLM auth rule.

Reason I ask is there are proxy policies where the source subnet is not in the source field of the auth rule, but it seems the rules are working. Trying to understand the goal of the authentication rule

192.168.0.1 router login 192.168.l.l

Falinao · ‎08-31-2023

It's great that you're actively researching and trying to make sense of the setup you've inherited. In the realm of network cleaning, understanding the intricacies of policies and authentication rules is essential for a smooth and efficient operation.

User-based proxy policies and NTLM authentication rules often work hand in hand to ensure secure and controlled access. Think of them as the dynamic duo of network hygiene.

User-based Proxy policies primarily focus on defining which users or LDAP users have access to specific resources through the proxy. They set the guidelines for who can do what in terms of web access, which is crucial for maintaining a clean and secure network environment.

hbac · ‎09-01-2023

Hi @ahull0,

"user based policies" are you referring to FSSO based authentication? Depending on the authentication scheme/rule and whether you have "IP-based Authentication" enabled or not under authentication scheme. You can refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explicit-proxy-with-NTLM-authentication/ta...

Regards,

User based proxy policy

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website