Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ronnie_jorgensen
New Contributor

What is required so that I can use "users" in policy rules?

Hi everyone,

 

I just need a quick refresher on what is required for me to be able to use a user in a firewall policy.

 

We have a few finance systems that we need to lock down to only 2 users that can access from SSL VPN.

 

We already use a RADIUS server for the SSL VPN - I would like to create a new rule that allow access from SSL VPN to the 2 fianance systems if the user is "USER1 or USER2"

2 REPLIES 2
lobstercreed
Valued Contributor

You either need to find a way to send a different group attribute from RADIUS and use that, or you define the users as actual remote (RADIUS) users on the firewall and use those.  I've done a combination of the two depending on the situation. 

 

Just know that this all goes in the crapper if you're wanting to move to SAML.  Fortinet needs to get their head out of their derrière and see how people actually do user/group matching to make this work right...I'd love to move to SAML login for VPN.

M_M_SW

if using ssl-vpn

you can add on fortitoken

fortigate have two free licence

 

Labels
Top Kudoed Authors