Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yathu
New Contributor

User group creation

I have fortinet 30E, but i haven't active directory.

then how can i create group and block YouTube specific user

pls tel me......... 

4 REPLIES 4
EMES
Contributor

You can block by source ip or authenticate all your users by creating local users on the firewall. You would put the users in your outbound security policy.
xsilver_FTNT
Staff
Staff

Hi yathu,

how about local user groups on FGT and then their use in firewall policy + web/url filters ?

Regards,

Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

yathu

Hi

I struggled to create user group to block youtube

can you explain step by step

please.........

 

xsilver_FTNT

1. create local user group on FortiGate

2. follow http://cookbook.fortinet.com/blocking-facebook-52/

3. replace facebook.com with whatever you need to block

4. in cookbook receip step 3 add the group to the policy

5. make sure there is no other policy allowing unauthenticated traffic (as there is implicit fall-through for unauthenticated and such pure IP based non-identity policy will win the policy match challenge)

6. use 'diag debug flow' group of commands and 'diag sys session list' to verify your traffic is comming through intended policies

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Labels
Top Kudoed Authors