Want to block computer getting internet access via FSSO client on AD to FortiGate

Vishalv16
2019/11/08 05:17:35

I have a system for which I want to set an IP-based internet policy that will be time-based. Apart from that time limit, any users who are in the domain can log in to the system but should not be able to access the internet.
Is there any way that I can do this from the AD FSSO client or from the FortiGate?

(Note: this is already there, but I want to know how they did that.)
No IP is blocked on the FortiGate; also, changing the IP address was no use.

Thanks in advance
Vishal
#1

    xsilver
    Re: Want to block computer getting internet access via FSSO client on AD to FortiGate 2019/11/12 00:21:34
    Hi Vishal,
    Not sure I understand your needs.
     
    FSSO is IP-based; it is not session-based, unless you use the Collector for NTLM.
    Keep in mind that pure IP-based policies (no user groups, in short) have priority over identity-based policies.
    Time schedules should work for both types.
     
    Unless your DCs are behind the firewall from a network/policy perspective (so no traffic/forward policy governs access from PC to DC), logon to the domain should always work.
     
    FortiGate is an implicit deny-any type of firewall. So policies are exemptions allowing access under specific conditions, like time, source/destination address/port, services and user/device identity.
    So to achieve identity-driven access, avoid any pure IP-based policies without a user group bond.
     

    Kind Regards,
    Tomas
    #2
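
The policy ordering discussed in this thread, as an added FortiOS CLI example that is not part of the original posts: a scheduled IP-only allow for one host, an explicit deny for that host so it cannot fall through to a later identity policy, then the FSSO group policy for everyone else. All object names, the interfaces `lan`/`wan1`, the address 192.0.2.10 and the hours are assumptions, and the FSSO user group is assumed to exist already.

```text
config firewall schedule recurring
    edit "kiosk-hours"
        set start 09:00
        set end 17:00
        set day monday tuesday wednesday thursday friday
    next
end
config firewall address
    edit "kiosk-pc"
        set subnet 192.0.2.10 255.255.255.255
    next
end
config firewall policy
    edit 10
        set comments "assumed example: IP-only allow, active only inside kiosk-hours"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "kiosk-pc"
        set dstaddr "all"
        set action accept
        set schedule "kiosk-hours"
        set service "ALL"
        set nat enable
    next
    edit 11
        set comments "assumed example: outside kiosk-hours the host stops here"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "kiosk-pc"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 20
        set comments "assumed example: identity policy for all other hosts"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "FSSO-Internet-Users"
        set nat enable
    next
end
```

Policies are evaluated in list order rather than by policy ID, so confirm that the deny for the host sits above the identity policy after pasting.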