Examples and Troubleshooting Authentication

To create the firewall user group – CLI:

config user group

edit Internet_users

set group-type firewall set member User1 User2

end

 

Defining policy addresses

1. Go to Policy & Objects > Objects > Addresses.

2. Create the following addresses:

Address Name                           Internal_net

Type                                            Subnet

Subnet / IP Range                     10.11.102.0/24

Interface                                     Port 3

Address Name                           Windows_net

Type                                            Subnet

Subnet / IP Range                     10.11.101.0/24

Interface                                     Port 2

 

Creating security policies

Two security policies are needed: one for firewall group who connect through port3 and one for FSSO group who connect through port2.

 

To create a security policy for FSSO authentication – web-based manager:

1. Go to Policy & Objects > Policy > IPv4 and select Create New.

2. Enter the following information:

 

  Incoming Interface Port2
Source Address Windows_net
Source User(s) FSSO_Internet_users
Outgoing Interface Port1
Destination Address all
Schedule always
Service ALL
NAT ON
Security Profiles Optionally, enable security profiles.
 

3.

 

Select OK.

 

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos