Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mahmoud93
New Contributor

explicit proxy authentication

I have fortigate enabled explicit proxy on it, im using fsso as my authentication rule in addithion to ldap I have made made this on one authentication rule.the idea of the setup is be ldap as failover soluation in case of fsso not working Q if i have policies with this order 1ST policy - spacific user group using LDAP AUTH2Nd policy - all user group contain the above group but with FSSO3RD policy - Same above user group using ldap And group is exist on fsso lsit and work - - ldap will work or not i.e authentication page will not appear to enter credentials right Also in user monitor im seeing that beside user wtittien authentication firewall, explicit proxy although user group is SSO

2 REPLIES 2
xsilver_FTNT
Staff
Staff

Hi,

scenario and words like "user wtittien" not clear to me. However if your authentication setting says that sso-auth-scheme is some authentication scheme with method set to fsso, then explicit proxy should use FSSO, and if workstation IP where you are testing from is already known to FSSO and listed, then traffic should be allowed according to group membership of user and groups known from that source IP.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

mahmoud93

Is it double to configure FSSO as primary method and ldap as secondary in case FSSO didnt work

Labels
Top Kudoed Authors