Fortigate - block sites with AD connection

Posted on 2014-11-06
Last Modified: 2014-11-18
Hi Experts,

I have a FORTIGATE 200B firewall cluster from running.
The webfilter is active for all with a policy.
Always when I have a person who needs special access to several sites, which are normally blocked, I have to create a new policy, reserve the IP of the user and blind this to the new policy.

Is it not possible to connect the FORTIGATE to my AD and use the AD user to allow  or block a site ?
Question by:Eprs_Admin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 2

Expert Comment

ID: 40426077
Use LDAP or FSAE feature in fortigate to attain the goal

Author Comment

ID: 40426096
do you have a manual to set up LDAP ?

Accepted Solution

Jinujoz earned 500 total points
ID: 40426104
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.


Author Comment

ID: 40426146
is it possible with this configuration to create a policy, based on a AD usergroup to block facebook and exclude some users from this rule ?
What do I need ? LDAP or FSAE ?

I dont know what to configure in my case ....

Author Comment

ID: 40434694
Can you explain how to use LDAP with the FORTIGATE ?
I have read your link and LDAP is configured.
But how to create a policy to block sites and exclude some users from it ?

Author Comment

ID: 40434706
what I don´t understand, in my FORTIGATE they speak about FSSO and in the manual about FSAE and LDAP.

Author Comment

ID: 40434799
when I activate the Enable Identity Based Policy, then all internet access is gone.
Can you help me out to configure it properly ?

Author Comment

ID: 40449209
I need help to set this up in the Fortigate.
What do I need to allow a user a blocked site ?

Author Comment

ID: 40450057
ok I got it.
Thanks for your help which was not very satisfied :-(

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question