Difference Between Need, Want And Desire In Marketing, Articles F

Right-click on the General Interest Personal FortiGuard category. Editing the security policy for outgoing traffic, 5. What are some of the best ones? 07-10-2018 Creating a restricted admin account for guest user management, 4. Then, to add the 1 website that you are permitting, you would add that to the website filter exceptions list. Using virtual IPs to configure port forwarding, 1. Connecting to the IPsec VPN from the Windows Phone 10, 1. 03:22 AM Blocking Facebook with Web Filtering. Configuring sandboxing in the default AntiVirus profile, 4. Creating user groups on the FortiAuthenticator, 4. SSL VPN Full Tunnel Setup for Remote Users; 7. Creating a security policy for remote access to the Internet, 4. I haven't had any issues using it at all. Setting up an internal network with a managed FortiSwitch, 6. Welcome to the Snap! We have developed an app that makes a connection to a box server in the company using Domino Access services. Introducing the FortiGate 400F; 8. If you're using a firewall which doesn't do DNS lookups, you're in for a whole world of pain : ( Creating a custom application signature, 3. IPsec VPN two-factor authentication with FortiToken-200, 3. 06-20-2016 The app is making htttps GET requests, the server returns data in JSON format. Enabling endpoint control on the FortiGate, 2. Creating a policy to allow traffic from the internal network to the Internet, Installing a FortiGate in Transparent mode, 1. Integrating the FortiGate with the Windows DC LDAP server, 2. I don't know yet if I can make use of this, and if it works, but it most definitely answers the question I asked. Or does it mean that the server will not be blocked from being accessed from the Internet, but it will be able to reply only to the App's URL because the firewall will block any other replies ? (Optional) Setting the FortiGate's DNS servers, 5. 5. Adding the new web filter profile to a security policy, 1. Creating a user account and user group, 5. 183 Share 13K views 2 years ago This video shows how to create geography addresses in the Fortigate GUI and CLI, shows how to create Firewall Policies for Blocking Geographic regions and shows. Creating a guest SSID that uses Captive Portal, 3. For web filtering, we reduced the options down to a few crucial ways to keep your kids safe when they're online. Check the FortiGate interface configurations (NAT/Route mode only), 5. Connecting and authorizing the FortiAPs, FortiAuthenticator as a Certificate Authority, 1. I have a system with me which has dual boot os installed. You might be able to find these by googling. He had firewall on and app couldn't connect. I haven't added any wildcards other than what it came with from Fortinet. Configuring the IPsec VPN using the IPsec VPN Wizard, 2. I wanted to know if i can remote access this machine and switch between os or while rebooting the system I can select the specific os. The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. I decided to let MS install the 22H2 build. 6/17/20, 9:59 AM. HTTPS is automatically applied to facebook.com, even if it is not entered in the address bar. Requesting and installing a server certificate for FortiOS, 2. edit 1. set intf "wan1". It is much better to use regexp in form [^. Creating users on the FortiAuthenticator, 3. Web filtering with FortiGuard categories allows you to take action against a group of websites, whereas a Static URL Filter is intended to block or monitor specific URLs. Go to Security Profiles > Web Filter and edit the default Web Filter profile. Configuring an LDAP directory on the FortiAuthenticator, 2. Checking cluster operation and disabling override, 2. 1) Simple: A simple URL-Filter entry could be a regular URL. Creating two users groups and adding users, 2. Created on I have been testing various IPv4 policies with Address groups of FQDN's for the allowed list. Adding an address for the local network, 5. Adding FortiManager to a Security Fabric, 2. Specifying the Microsoft Azure DNS server, 3. And: Creating Security Policy for access to the internal network and the Internet, 6. Open the WebBlock window, as shown in Step 5 above. Configuring the IPsec VPN using the Wizard, 2. 04:17 AM. Adding virtual wire pair firewall policies, Enforcing network security using a FortiClient Profile, 5. You should use some type auth at the app like a API-KEy but that's not for me to debate. Adding security policies for access to the internal network and Internet, 6. (Optional) FortiClient installer configuration, 1. Connecting and authorizing the FortiAP, Captive portal WiFi access with a FortiToken-200, 2. Configuring a user group on the FortiGate, 6. Created on Created on Use the following command to close the BGP port on the wan1 interface. Creating a new CA on the FortiAuthenticator, 4. or maybe the full URL of the app like: Configuring FortiGate to use the RADIUS server, 5. Adding the signature to the default Application Control profile, 4. I had to remove the machine from the domain Before doing that . Thank you for your reply. Adding a user account to FortiToken Mobile, 4. C:\Windows\System32\drivers\etc Step 2: Choose Properties and tap on the Users tab. Adding security policies for access to the internal network and Internet, 6. Configuring Windows 7 wireless profile to use certificate, WiFi with WSSO using FortiAuthenticator RADIUS and Attributes, 1. Content filtering prevents access to content that could pose a risk to internet users. Creating a web filter profile that uses quotas, 3. Installing FSSO agent on the Windows DC, 4. Adding virtual wire pair firewall policies, Enforcing network security using a FortiClient Profile, 5. Adding FortiManager to a Security Fabric, 2. Storing configuration and license information, 3. Create a web filter security policy where you can setup website blocking and exemptions and attach that security policy to a firewall policy. Anyone have suggestions on how this should be configured? Creating a user group for remote users, 2. There is a server in company's intranet or DMZ, behind a firewall. 1. Creating the Microsoft Azure virtual network gateway, 4. Create an SSID with dynamic VLAN assignment, 2. Adding FortiAnalyzer to a Security Fabric, 5. Configuring a traffic shaper to limit bandwidth, 4. 03:21 AM Adding the blocking profile to a security policy, Listing of Netflow Templates for FortiOS 5.4.x or later, 1. Go to System > Feature Select and confirm that the Web Filter feature is enabled. How to Block Websites in Fortigate Firewall. FortiGate Cookbook - Blocking all web sites except those you specify using a whitelist,FortiGate Cookbook - Basi. Before that we tried IP restriction, but because it is a cloud app, we don't have a guaranteed static IP address, it keeps changing. Is there a way i can do that please help. Only the first entry ever was allowed. Set URL to *facebook.com. Using virtual IPs to configure port forwarding, 1. Second Line: Block "mybluemix.net" with the wildcard. Thanks for responding. Adding a firewall address for the local network, 4. 05:24 AM. The FortiGate units performance level has decreased since enabling disk logging. The most common mistake it to create a "Domain" policy to block most malicious stuff (like certain ports and/or application) then create a RDS policy that only have white-lists of websites but allowing or ignoring the "Domain" policies for RDS servers.then the RDS servers become a backdoor ??. edit 1. set intf wan1. It is a REST API https connection. Consult this blog post to determine whether to use FortiGuard categories or a Static URL Filter to control your internal networks access to websites. (Optional) Restricting administrative access to a trusted host, FortiToken two-factor authentication with RADIUS on a FortiAuthenticator, 1. Integrating the FortiGate with the Windows DC LDAP server, 2. Configuring user groups on the FortiGate, 7. Blocking Tor traffic in Application Control using the default profile, 3. Installing and configuring the Marketing FortiGate, 4. Enabling the Cooperative Security Fabric, 7. Adding the default profile to a security policy, 1. Blocking all traffic to server except one URL https connection, Fortigate 90e. Enabling logging in your Internet access security policy, 2. Adding a firewall address for the local network, 4. I worked with FortiNet support previously and this is what we did, Steps Taken:- Created address for two websites- Created address group and called allowed address in this group- Created test policy for Protocol options. The pre-shared key does not match (PSK mismatch error). One thing I've noticed is that SSL randomly fails because the different CRL servers used on the certs so I find myself constantly adding CRL IP ranges to certs. Using the default Application Control profile to monitor network traffic, 3. Configuring the IPsec VPN using the IPsec VPN Wizard, 1. 05:01 AM. Creating a security policy for wireless traffic, Make it a policy to learn before configuring policies. By using SSL inspection, you ensure that Facebook and its subdomains are also blocked when accessed through HTTPS. Follow Advertisement Recommended Fortigate Firewall How to - DLP IPMAX s.r.l. Why do you want to know this information? Enabling DLP and Multiple Security Profiles, 3. 12-31-2021 Configuring the SSL VPN web portal and settings, 4. Step 1: Go to the following path on your Windows 10 PC and right-click on the file named Hosts. We are trying to figure out how to explain firewall administrator how to configure his managed firewall. FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. If you wish to use a static URL filter to block access to a website and its subdomains, follow the example described in Blocking Facebook with Web Filtering. This way you don't need to use a web filter at all. Adding the FortiToken user to FortiAuthenticator, 3. Set Incoming Interface to the internal network and set Outgoing Interface to the Internet-facing interface. Allowing wireless access to the Internet, Site-to-site IPsec VPN with two FortiGates, SSL VPN for users with passwords that expire, 1. set action deny. FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. Adding web filtering to a security policy, WiFi RADIUS authentication with FortiAuthenticator, 1. 08-12-2019 Setting the FortiGate unit to verify users have current AntiVirus software, 7. Connecting to the IPsec VPN from iPhone, 2. Give the policy a name that identifies its use. 02:29 AM. Configuring FortiAP-2 for mesh operation, 8. By Can anyone please kindly guide us through making that nice helpful person through configuring his Fortigate 90e firewall to allow our app to communicate through firewall with that server and block everything else in the world ? Just to quickly check if I understood it correctly: Connecting and authorizing the FortiAP, Captive portal WiFi access with a FortiToken-200, 2. Applying AntiVirus and Web Filter scanning to network traffic, 1. Connecting and authorizing the FortiAP, Captive portal two-factor authentication with FortiToken Mobile, 2. Is the RESTful call done thru HTTP or HTTPS? Here are the seven most important configuration options you should perform on your FortiGate to improve the detail and visibility of the reports and alerts from Fastvue Reporter for FortiGate. Configuring Single Sign-On on the FortiGate. Register the FortiGate as a RADIUS client on the FortiAuthenticator, 3. 07-09-2018 Copyright 2023 Fortinet, Inc. All Rights Reserved. An active license for FortiGuard Web Adding endpoint control to a Security Fabric, 7. This video explains how to block a website on FortiGate Firewall#netvn Nice T-shirt for you https://have-fun-2.creator-spring.comDream 600K Sub https://www.y. Creating a security policy for WiFi guests, 4. FortiGate registration and basic settings, 5. Creating an SSL VPN portal for remote users, 4. Connecting and authorizing the FortiAP, Captive portal two-factor authentication with FortiToken Mobile, 2. Importing the local certificate to the FortiGate, 6. FortiCloud IAM Portal Overview; 9. Cause we are concerned about security of server data, and the person managing firewall said second option may not be sufficiently secure and we would really like to have first option - blocking and filtering connection INCOMING to intranet. Steps to unblock websites 1. 07-09-2018 Enabling web filtering and multiple profiles, 3. As in: firewall will filter connections INCOMING to intranet ? As in:firewall will filter connections OUTGOING to internet ? This article provides an example of how to block all websites, whilst allowing only one. Edited on (Optional) Adding security profiles to the fabric, Integrating a FortiGate with FortiClient EMS, 2. The new policy has to be first on the list in order to be applied to Internet traffic. For Layer 7 virtual servers, FortiADC blocks access after the handshake, allowing . This doesn't work at all. set dstaddr all. Configuring the root VDOM for FortiGate management, You cannot create new web filter profiles, You configured web filtering, but it is not working, You configured DNS Filtering, but it is not working, FortiGuard has the wrong categorization for a website, The website categorization on your FortiGate does not match the FortiGuard categorization, An active FortiGuard web filter license displays as expired/unreachable, Using URL Filters in conjunction with FortiGuard Categories is not working, 2. Creating a DNS Filtering firewall policy, 2. Unfortunately, FortiGuard can also inadvertently block sites that provide safe and useful content. 04:15 AM. Creating the SSL VPN user and user group, 2. The Web Filter module must be installed before you can enable Block malicious websites. This article explains how to exempt or block the access to website using the URL filter feature. 12-31-2021 Creating a default route for the WAN link interface, 6. Creating a Microsoft Azure Site-to-Site VPN connection. 1. Using the deep-inspection profile may cause certificate errors. 07-10-2018 Installing internal FortiGates and enabling a Security Fabric, 3. symbol means: match the same or different character than the one before the symbol, but is followed by the rest of the sentence.For example:'fortinet.com' will match 'fortinetacom', 'fortinetbcom', 'fortinetzcom'Configuring a URL filter:GUI:1) Go to Security Profiles -> Web Filter.2) Select a web filter to edit.3) Under Static URL Filter, enable URL Filter, and select Create New.4) Enter the URL, without the http, for example: www.example*.com5) Select a Type: Simple , Regular Expression, or Wildcard. Exporting the LDAPS Certificate in Active Directory (AD), 2. using FortiGuard categories. I am staging a 02:18 AM. Installing FSSO agent on the Windows DC server, 3. Creating a web filter profile and an override, 4. Hi there guys, we are a company that develops software for a small company. Set Type to Wildcard, set Action to Block, and set Status to Enable. 07-06-2018 Registering the FortiGate as a RADIUS client on NPS, 4. The FortiGate units performance level has decreased since enabling disk logging. Give the policy a name that identifies its use. there are so many websites blocked by FortiGate example bank websites and other trusted websites like google drive etc. more options. 802.1X with VLAN Switch interfaces on a FortiGate, Adding Endpoint Control to the Security Fabric, 1. I added a "LocalAdmin" -- but didn't set the type to admin. FortiGuard is particularly effective because it uses both hardware and software controls to block content. Configuring RADIUS client on FortiAuthenticator, 5. 1. Configuring a traffic shaper to limit bandwidth, 4. Applying AntiVirus and Web Filter scanning to network traffic, 1. To block Facebook, go to Static URL filter, select URL Filter, and then click Create. Enabling the DNS Filter Security Feature, 2. Checking cluster operation and disabling override, 2. For example: www.fortinet.com - URL: fortinet.com - URL: fortinet.com/support Enabling the Cooperative Security Fabric, 7. Block all categories and then in the section called 'static URL filter' you can set URL overrides and put there FQDNs and wildcard FQDNs that are allowed to bypass the web filter. Go to FortiView > Websites and select the 5 minutes view. Thank you for . Close the BGP port. Connecting to the IPsec VPN from iPhone, 2. The default Application Control profile is set to monitor all applications except for Unknown pplications. Installing a FortiGate in NAT/Route mode, 2. FortiGate VM64v6.0.6 build0272 for a new customer and they have a list of white listed URL's. Verify that you can connect to the Internet-facing interfaces IP address (NAT/Route mode only), 8. Create the user accounts and user group on the FortiAuthenticator, 2. Editing the default Web Application Firewall profile, 3. Does anyone have any clue or scripting links/examples on how to make the URI resources hosted by that server accessible only to the app that has URL: "myFancyApp.mybluemix.net" ? One such group can contain up to 600 IPs, although the limit will vary between . Adding application control to your security policy, 2. Configure FortiGate to use the RADIUS server, 4. Technical Tip: How To block all the web sites whil Technical Tip: How To block all the web sites while allowing one website/URL. I'll contact FortiNet support again I'm just not confident in the agent I worked with providing a proper resolution. IPsec VPN two-factor authentication with FortiToken-200, 3. 05:12 AM. Configuring sandboxing in the default FortiClient profile, 6. During testing only one of the 2 web sites was allowed. How do these priorities affect each other? 1. And what are the pros and cons vs cloud based? Blocking all traffic to server except one URL https connection, Fortigate 90e Hi there guys, we are a company that develops software for a small company. Creating the Microsoft Azure virtual network gateway, 4. FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. Creating an application profile to block P2P applications, 6. IPMAX s.r.l. Are you creating these under Policy & Objects - Addresses or Policy & Objects - Wildcard FQDN Addresses. Configuring FortiGate to use the RADIUS server, 5. Configuring and assigning the password policy, 3. Switch from the Allowlist mode to the Block list mode. Allowing wireless access to the Internet, Site-to-site IPsec VPN with two FortiGates, SSL VPN for users with passwords that expire, 1. Creating an application profile to block P2P applications, 6. Adding the profile to a security policy, Protecting a server running web applications, 2. Adding the FortiToken to FortiAuthenticator, 2. I would do it with a policy from internal interface to public interface, from all internal addresses to an FQDN. Configuring OSPF routing between the FortiGates, 5. This allows the FortiGate to inspect and apply web filtering to HTTPS traffic. Copyright 2023 Fortinet, Inc. All Rights Reserved. The support agent said the other entry needed time to resolve via DNS and it should work however that did not happen. Go to Security Profiles > Web Filter and edit the default Web Filter profile. Creating a schedule for part-time staff, 4. Register the FortiGate as a RADIUS client on the FortiAuthenticator, 3. Storing configuration and license information, 3. Verify the static routing configuration (NAT/Route mode only), 7. Your daily dose of tech news, in brief. SSL VPN Web Mode for Remote Users; 6. Deleting security policies and routes that use WAN1 or WAN2, 5. Importing and signing the CSR on the FortiAuthenticator, 5. Configuring a remote Windows 7 L2TP client, 3. Edited on 07-09-2018 Pre-existing IPsec VPN tunnels need to be cleared. ] . FortiPortal - Service Provider Admin Portal; 13. Creating the Microsoft Azure local network gateway, 7. This recipe explains how to use a static URL filter to block access to Facebook and its subdomains. Creating the Microsoft Azure local network gateway, 7. What do hair pins have to do with networking? 1. (Optional) Importing Endpoint Profiles into FortiClient EMS, 3. The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. Under Security Profiles, enable Web Filter and select the default web filter profile. Connecting to the IPsec VPN from the Windows Phone 10, 1. Created on The pre-shared key does not match (PSK mismatch error). And the server can be blocked from any INCOMING connections but the connection from an app with that URL hosted in IBM cloud ? 07-06-2018 (Optional) Adding security profiles to the fabric, Integrating a FortiGate with FortiClient EMS, 2. Fortinet Community Knowledge Base FortiGate Technical Tip: How To block all the web sites whil. Configuring the IPsec VPN using the Wizard, 2. Creating the DNS Filter Profile and enabling Botnet C&C database, 3. Connecting and authorizing the FortiAPs, FortiAuthenticator as a Certificate Authority, 1. Go to Policy & Objects > IPv4 Policy, and click Create New. Configuring FortiGate to use FortiAuthenticator as the RADIUS server, 5. This recipe explains how to block access to social media websites To move a policy up or down, click and drag the far-left column of the policy. message appears. config firewall local-in-policy. Configuring the root VDOM for FortiGate management, You cannot create new web filter profiles, You configured web filtering, but it is not working, You configured DNS Filtering, but it is not working, FortiGuard has the wrong categorization for a website, The website categorization on your FortiGate does not match the FortiGuard categorization, An active FortiGuard web filter license displays as expired/unreachable, Using URL Filters in conjunction with FortiGuard Categories is not working, 2. Installing FSSO agent on the Windows DC, 4. Configuring Single Sign-On on the FortiGate, Single Sign-On using LDAP and FSSO agent in advanced mode (Expert), 1. For example: www.fortinet.com- URL: fortinet.com- URL: fortinet.com/support2) Wildcard: A wildcard can be used to include one or more URLs to a simple URLFor example:- URL: *.fortinet.com (everything before ".fortinet.com" will match this rule, like support.fortinet.com)- URL: www.fortinet.com/* (everything after "www.fortinet.com/" will match this rule, like www.fortinet.com/contact)3) Regular Expressions (regex): Regex is used to include one or more URLs related -or not related- to a pattern using some Perl syntaxFor example:- "*" symbol means: match 0 or more times of the character before the symbol, but no match with any character.For example:"fortinet*.com" will match "fortinetttttttt.com" but not "fortinetsupport.com""/i" symbols means: makes the pattern case sensitive.For example:"/FORTINET/i" will not mach with "fortinet""^" symbols means: at the beginning of the string.For example:"^fo" will match 'fortinet.com''.' Installing internal FortiGates and enabling a Security Fabric, 3. 1. Verify the security policy configuration, 6. Exporting the LDAPS Certificate in Active Directory (AD), 2. Editing the default Web Filter profile, 3. We will appreciate any links to "cookbooks" and advice, thank you most kindly in advance. Configuring sandboxing in the default Web Filter profile, 5. Visit a subdomain of Facebook, for example, attachments.facebook.com. Creating a local CA on FortiAuthenticator, 2. Creating a default route for the WAN link interface, 6. Creating a security policy for access to the Internet, 1. Creating S3 buckets with license and firewall configurations, 4. RDP will not be available via the public internet. First Line: First Simply allow the Simple URL (Your static URL). Solution 1) Go to Security Profile > Web filter. Creating a user account and user group, 5. Background. Please have a look at sample profile: The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. Configuring a user group on the FortiGate, 6. You can block every website by adding <all_urls> to the blocked websites policy. Connecting and authorizing the FortiAP unit, 4. Connecting the FortiGate to the RADIUS Server, 2. Configuring the Microsoft Azure virtual network, 2. Creating a policy to allow traffic from the internal network to the Internet, Installing internal FortiGates and enabling Security Fabric, 1. 8.1k views 7 slides Fortigate Training NCS Computech Ltd. 31.7k views 280 slides FortiGate Firewall HOW-TO - DMZ Adding the profile to a security policy, Protecting a server running web applications, 2. and was challenged. The person configuring this firewall was unable to quickly have a suitable solution on how to restrict EVERYTHING else from communicating with server except that one app that has dedicated URL. 2. Configure FortiGate to use the RADIUS server, 4. Adding a user account to FortiToken Mobile, 4. Creating the Web filtering security policy, Blocking social media websites using FortiGuard categories, 3. Creating a local CA on FortiAuthenticator, 2. It's sole purpose is to respond to HTTP GET requests for resources from an app located in the cloud which has been given a URL like "myApp.mybluemix.net" and can be reached on that address. Configuring sandboxing in the default Web Filter profile, 5. Enabling the DNS Filter Security Feature, 2. Reserving an IP address for the device, 5. *.mybluemix.net Created on Hope this helps. By the way, I am just thinking, maybe it would be possible with the application control feature, but I'm not enough into it to tell you that exactly. Verify the security policy configuration, 6. Add the RADIUS server to the FortiGate configuration, 3. Created on 07-06-2018 We now automatically block adult content in their web browsers, and if your kids are very young, you can allow them to access only specific web sites that you want them to see. Create the SSID and set up authentication, WiFi using FortiAuthenticator RADIUS with Certificates, 1. Verify that you can connect to the Internet-facing interfaces IP address (NAT/Route mode only), 8. Pre-existing IPsec VPN tunnels need to be cleared. Creating a policy to allow traffic from the internal network to the Internet, Installing a FortiGate in Transparent mode, 1. Creating a security policy for WiFi guests, 4. Importing user certificate into Windows 7, 10. On the Websites page (2/6), choose Block All Websites. SolutionNormal behavior would be to have some entries with allowed status and one wildcard * with block. Enabling DLP and Multiple Security Profiles, 3. set srcaddr "Blocked Countries". Confirm this under Policy & Objects > IPv4 Policy by viewing policies By Sequence. I have a Fortigate 40C with FortiOS v4 patch 11, and I want to make a security profile that blocks all websites except hotmail and gmail because we need access to our email. Logs from a FortiAnalyzer, FortiManager, or from FortiCloud do not appear in the GUI. This topic has been locked by an administrator and is no longer open for commenting. You can make it possible with static URL filter option in FortiGate. Configuring an interface dedicated to FortiAP, 7. I resolved this problem by changing proxy-based to flow-based but I want to know the source of the problem. Editing the user and assigning the FortiToken, Configuring ADVPN in FortiOS 5.4 - Redundant hubs (Expert), Configuring ADVPN in FortiOS 5.4 (Expert), Configuring LDAP over SSL with Windows Active Directory, 1. Creating Security Policy for access to the internal network and the Internet, 6. It is a REST API https connection. Adding web filtering to a security policy, WiFi RADIUS authentication with FortiAuthenticator, 1. I know how to create the objects and address group for the farm. Adding the default profile to a security policy, 1. Creating user groups on the FortiAuthenticator, 4. Configuring the Primary FortiGate for HA, 4. Then it is firewall issue or do you mean it is "web server configuration" option somewhere in the options of the firewall ?