Configuring Peer user groups

Configuring Peer user groups Peer user groups can only be configured using the CLI. Peers are digital certificate holders defined using the config user peer command. The peer groups you define here are used in dialup IPsec VPN configurations that accept RSA certificate authentication from members of a peer certificate group.   To create a […]

SSO user groups

SSO user groups SSO user groups are part of FSSO authentication and contain only Windows or Novell network users. No other user types are permitted as members. Information about the Windows or Novell user groups and the logon activities of their members is provided by the Fortinet Single Sign On (FSSO) which is installed on […]

Troubleshooting FSSO

Troubleshooting FSSO When installing, configuring, and working with FSSO some problems are quite common. A selection of these problems follows including explanations and solutions. Some common Windows AD problems include: General troubleshooting tips for FSSO Users on a particular computer (IP address) can not access the network Guest users do not have access to network […]

Testing FSSO

Testing FSSO Once FSSO is configured, you can easily test to ensure your configuration is working as expected. For additional FSSO testing, see Troubleshooting FSSO on page 551. 1. Logon to one of the stations on the FSSO domain, and access an Internet resource. 2. Connect to the CLI of the FortiGate unit, and if possible […]

FortiOS FSSO log messages

FortiOS FSSO log messages There are two types of FortiOS log messages — firewall and event. FSSO related log messages are generated from authentication events. These include user logon and log off events, and NTLM authentication events. These log messages are central to network accounting policies, and can also be useful in troubleshooting issues. For […]

Creating security policies

Creating security policies Policies that require FSSO authentication are very similar to other security policies. Using identity-based policies, you can configure access that depends on the FSSO user group. This allows each FSSO user group to have its own level of access to its own group of services In this situation, Example.com is a company […]