Examples and Troubleshooting Authentication

To create the firewall user group – CLI:

config user group
    edit Internet_users
        set group-type firewall
        set member User1 User2
end

 

Defining policy addresses

1. Go to Policy & Objects > Objects > Addresses.

2. Create the following addresses:

Address Name          Internal_net
Type                  Subnet
Subnet / IP Range     10.11.102.0/24
Interface             Port 3

Address Name          Windows_net
Type                  Subnet
Subnet / IP Range     10.11.101.0/24
Interface             Port 2

 

Creating security policies

Two security policies are needed: one for the firewall group, whose members connect through port3, and one for the FSSO group, whose members connect through port2.

 

To create a security policy for FSSO authentication – web-based manager:

1. Go to Policy & Objects > Policy > IPv4 and select Create New.

2. Enter the following information:

 

Incoming Interface     Port2
Source Address         Windows_net
Source User(s)         FSSO_Internet_users
Outgoing Interface     Port1
Destination Address    all
Schedule               always
Service                ALL
NAT                    ON
Security Profiles      Optionally, enable security profiles.
 

3. Select OK.
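An added example, not part of the original page or of Fortinet's documentation: a Python check that parses the config firewall policy section of a configuration backup and reports accept policies on port2 or port3 that lack the user group this section assigns to that interface. The sample configuration is constructed and abridged to the settings the check reads, and the function names and the interface-to-group mapping are assumptions drawn from the policies described here.

```python
import shlex

# Constructed sample config (not from the page). Policies 1 and 2 mirror the
# section; policy 3 is a deliberate mistake: accept from port3 with no group.
SAMPLE = '''
config firewall policy
    edit 1
        set srcintf "port2"
        set srcaddr "Windows_net"
        set action accept
        set groups "FSSO_Internet_users"
    next
    edit 2
        set srcintf "port3"
        set srcaddr "Internal_net"
        set action accept
        set groups "Internet_users"
    next
    edit 3
        set srcintf "port3"
        set srcaddr "Internal_net"
        set action accept
    next
end
'''
# Group each source interface must require (assumed from this section).
EXPECTED = {"port2": "FSSO_Internet_users", "port3": "Internet_users"}

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} for 'config firewall policy'."""
    policies, current, inside = {}, None, False
    for line in text.splitlines():
        tok = shlex.split(line)  # handles the quoted names FortiOS writes out
        if tok == ["config", "firewall", "policy"]:
            inside = True
        elif tok == ["end"]:
            inside = False
        elif inside and tok[:1] == ["edit"]:
            current = policies.setdefault(tok[1], {})
        elif inside and tok[:1] == ["set"] and current is not None:
            current[tok[1]] = tok[2:]
    return policies

def missing_auth(policies, expected=EXPECTED):
    """List (policy_id, srcintf, group) for accept policies lacking the group."""
    return [(pid, intf, expected[intf])
            for pid, p in policies.items() if p.get("action") == ["accept"]
            for intf in p.get("srcintf", [])
            if intf in expected and expected[intf] not in p.get("groups", [])]
```

Calling missing_auth(parse_policies(SAMPLE)) flags only policy 3, which accepts port3 traffic without requiring the Internet_users group.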

 
