This recipe explains how to use a static URL filter to block access to Facebook and its subdomains. Integrating the FortiGate with the FortiAuthenticator, 3. Exporting user certificate from FortiAuthenticator, 9. Is there a way i can do that please help. Our app is hosted in IBM Cloud and it has public url it uses for communication. 1. Connecting the network devices and logging onto the FortiGate, 2. Introducing FortiNDR 3500F; 11. Setting up an internal network with a managed FortiSwitch, 6. Solution There are three types of URL that can be defined. 06-20-2016 SSL VPN Web Mode for Remote Users; 6. What do hair pins have to do with networking? We will appreciate any links to "cookbooks" and advice, thank you most kindly in advance. Verify that you can connect to the gateway provided by your ISP. HTTPS is automatically applied to facebook.com, even if it is not entered in the address bar. Storing configuration and license information, 3. Configuring the IPsec VPN using the IPsec VPN Wizard, 1. Creating a user group on the FortiGate, Single Sign-On using FSSO agent in advanced mode and FortiAuthenticator (Expert), 1. My policy has a block all rule and above it I have the allow application office 365 rule like so. For all exempt actions: ? Copyright 2023 Fortinet, Inc. All Rights Reserved. Or is the whitelist web filter only for outgoing http requests ? Please have a look at sample profile: The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. Verify that you can connect to the gateway provided by your ISP. First Line: First Simply allow the Simple URL (Your static URL). FortiGuard is particularly effective because it uses both hardware and software controls to block content. I've resorted to using tcpview and adding huge swaths of microsoft's IP ranges that I can find on ARIN and at this point I nearly have something that works. Creating user groups on the FortiAuthenticator, 4. The options to configure policy-based IPsec VPN are unavailable. 07:10 AM Configure FortiGate to use the RADIUS server, 4. The server is dedicated to provide data to that one single app and nothing else. Creating an SSL VPN portal for remote users, 4. Editing the user and assigning the FortiToken, Configuring ADVPN in FortiOS 5.4 - Redundant hubs (Expert), Configuring ADVPN in FortiOS 5.4 (Expert), Configuring LDAP over SSL with Windows Active Directory, 1. ; Select the Block malicious websites checkbox. Creating a local CA on FortiAuthenticator, 2. Thank you for . If you don't have many machines this might be a viable option. Configuring sandboxing in the default FortiClient profile, 6. just under addresses. Configuring a user group on the FortiGate, 6. Installing internal FortiGates and enabling a Security Fabric, 3. FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. Creating a restricted admin account for guest user management, 4. 07-06-2018 Blocking malicious websites. Creating a security policy for remote access to the Internet, 4. higher in the policy sequence than any other policy that could manage Edited on 07-25-2022 Enable Web Filtering. 07-10-2018 Creating the LDAPS Server object in the FortiGate, 1. 02:18 AM. Welcome to the Snap! Verifying your Internet access security policy, Logging FortiGate traffic and using FortiView, 3. Configuring FortiAP-2 for mesh operation, 8. Creating a policy to allow traffic from the internal network to the Internet, Installing internal FortiGates and enabling Security Fabric, 1. FortiGuards web filtering categories are organized into six main groups; descriptions can be found at FortiGuard Center. Creating the SSL VPN user and user group, 2. Changing the FortiGate's operation mode, 2. Editing the default Web Application Firewall profile, 3. 12-31-2021 You need to hear this. Adding endpoint control to a Security Fabric, 7. Installing internal FortiGates and enabling a Security Fabric, 3. This includes: Application Firewall: If the webpage matches a given signature where the action is set to block or if . Creating the Web filtering security policy, Blocking social media websites using FortiGuard categories, 3. there are so many websites blocked by FortiGate example bank websites and other trusted websites like google drive etc. Creating a restricted admin account for guest user management, 4. You can make it possible with static URL filter option in FortiGate. Configuring the FortiGate's interfaces, 4. 07-09-2018 IPsec VPN two-factor authentication with FortiToken-200, 3. Switching to VDOM mode and creating two VDOMs, 2. Editing the default Web Filter profile, 3. Go to the Custom tab and add the following URLs: drive.google.com docs.google.com google.com/docs google.co.uk/sheets google.co.uk/drive Consult this blog post to determine whether to use FortiGuard categories or a Static URL Filter to control your internal networks access to websites. Configuring the SSL VPN web portal and settings, 4. Configuring the root VDOM for FortiGate management, You cannot create new web filter profiles, You configured web filtering, but it is not working, You configured DNS Filtering, but it is not working, FortiGuard has the wrong categorization for a website, The website categorization on your FortiGate does not match the FortiGuard categorization, An active FortiGuard web filter license displays as expired/unreachable, Using URL Filters in conjunction with FortiGuard Categories is not working, 2. Configure FortiGate to use the RADIUS server, 4. By the way, I am just thinking, maybe it would be possible with the application control feature, but I'm not enough into it to tell you that exactly. The app is making htttps GET requests, the server returns data in JSON format. Creating two users groups and adding users, 2. Blocking all traffic to server except one URL https connection, Fortigate 90e. Integrating the FortiGate with the FortiAuthenticator, 3. Creating a user group on the FortiGate, Single Sign-On using FSSO agent in advanced mode and FortiAuthenticator (Expert), 1. Creating a policy that denies mobile traffic. You need to block everything except for IP range/domains. Adding security policies for access to the internal network and Internet, 6. This would hide the Blocklist tab since you'll be blocking all websites. Connecting to the IPsec VPN from iPhone, 2. I wanted to know if i can remote access this machine and switch between os or while rebooting the system I can select the specific os. Integrating the FortiGate with the Windows DC LDAP server, 2. 05:45 AM Register the FortiGate as a RADIUS client on the FortiAuthenticator, 3. It is IBM Domino Server, it is secured by SHA2 and it has encryption certificate, http connections are not allowed. Configuring OSPF routing between the FortiGates, 5. Enable certificate-inspection from the dropdown menu. I have a system with me which has dual boot os installed. The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. Configuring the backup FortiGate for HA, 7. Configuring the certificate for the GUI, 4. Hi Team, Enabling the Cooperative Security Fabric, 7. Configuring OSPF routing between the FortiGates, 5. (Optional) Restricting administrative access to a trusted host, FortiToken two-factor authentication with RADIUS on a FortiAuthenticator, 1. Using the deep-inspection profile may cause certificate errors. FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. Registering the FortiGate as a RADIUS client on the FortiAuthenticator, 2. Creating an application profile to block P2P applications, 6. 1) Simple: A simple URL-Filter entry could be a regular URL. Logging to a FortiAnalyzer unit is not working as expected. (Optional) FortiClient installer configuration, 1. To move a policy up or down, click and drag the far-left column of the policy. Adding the profile to a security policy, Protecting a server running web applications, 2. It's especially effective at preventing malware downloads from malicious or hacked websites. Requesting and installing a server certificate for FortiOS, 2. I'll contact FortiNet support again I'm just not confident in the agent I worked with providing a proper resolution. I haven't added any wildcards other than what it came with from Fortinet. Creating a firewall address for L2TP clients, 5. Configuring the Microsoft Azure virtual network, 2. 5. Filtering service is required. Creating a local service certificate on FortiAuthenticator, 3. Registering the FortiGate as a RADIUS client on NPS, 4. 03:21 AM Configuring and assigning the password policy, 3. using FortiGuard categories. DNS Opt 2: Remove DNS entries from the machines and put the Hosts you need in the hosts file. Logs from a FortiAnalyzer, FortiManager, or from FortiCloud do not appear in the GUI. Created on Creating a web filter profile and an override, 4. Registering the FortiGate as a RADIUS client on NPS, 4. (Optional) Setting the FortiGate's DNS servers, 3. I haven't had any issues using it at all. (Optional) Restricting administrative access to a trusted host, FortiToken two-factor authentication with RADIUS on a FortiAuthenticator, 1. This lesson wil show you how-to FortiGate Firewall allows you to block specific sites and also filter them on a content base. Who knows about blocking websites those days? Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com, Created on This video explains how to block a website on FortiGate Firewall#netvn Nice T-shirt for you https://have-fun-2.creator-spring.comDream 600K Sub https://www.y. Deleting security policies and routes that use WAN1 or WAN2, 5. Configuring a remote Windows 7 L2TP client, 3. Anthony_E. Web filtering with FortiGuard categories allows you to take action against a group of websites, whereas a Static URL Filter is intended to block or monitor specific URLs. To rephrase the explanation here - it is webserver hosting data and displaying it in JSON format as REST api. Not to rain on your parade, but that sounds more like a web server configuration to me. Configuring local user on FortiAuthenticator, 6. Configuring the IPsec VPN using the IPsec VPN Wizard, 1. Configuring RADIUS client on FortiAuthenticator, 5. Connecting and authorizing the FortiAP unit, 4. During testing only one of the 2 web sites was allowed. config firewall local-in-policy. Enabling Application Control and Multiple Security Profiles, 2. Created on Enabling DLP and Multiple Security Profiles, 3. Configuring External to connect to Accounting, 3. Configuring a user group on the FortiGate, 6. message appears. Applying the profile to a security policy, 1. 6/17/20, 9:59 AM. A FortiGuard Web Page Blocked! Verify the static routing configuration (NAT/Route mode only), 7. I decided to let MS install the 22H2 build. Only the first entry ever was allowed. Using the default Application Control profile to monitor network traffic, 3. Creating the Microsoft Azure local network gateway, 7. Bweber93 I'd like to confirm your statement. Here are the seven most important configuration options you should perform on your FortiGate to improve the detail and visibility of the reports and alerts from Fastvue Reporter for FortiGate. Importing the local certificate to the FortiGate, 6. Steps to unblock websites 1. By using SSL inspection, you ensure that Facebook and its subdomains are also blocked when accessed through HTTPS. The next thing to do is to allow Google Docs and Google Drive. Is the RESTful call done thru HTTP or HTTPS? Or does it mean that the server will not be blocked from being accessed from the Internet, but it will be able to reply only to the App's URL because the firewall will block any other replies ? By The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. Created on Technical Note: How to allow one website while blocking all others. Adding web filtering to a security policy, WiFi RADIUS authentication with FortiAuthenticator, 1. Creating the SSL VPN user and user group, 2. Installing a FortiGate in NAT/Route mode, 2. Creating a policy for part-time staff that enforces the schedule, 5. DescriptionThis article explains how to use Web-filter to create a white list of HTTP(S) resource, and block rest of the sites. Adding the blocking profile to a security policy, Listing of Netflow Templates for FortiOS 5.4.x or later, 1. To block Facebook, go to Static URL filter, select URL Filter, and then click Create. The HTTPS protocol is automatically applied to these addresses, even if it is not entered. What are the logs saying when you try to access the not working website? (Optional) Importing Endpoint Profiles into FortiClient EMS, 3. Creating a security policy for wireless traffic, Make it a policy to learn before configuring policies. He had firewall on and app couldn't connect. Introducing the FortiGate 400F; 8. Enabling logging in your Internet access security policy, 2. (Optional) Upgrading the firmware for the HA cluster, Inspecting traffic content using flow-based inspection, 1. Adding the blocking profile to a security policy, Listing of Netflow Templates for FortiOS 5.4.x or later, 1. 05:24 AM. Use the following command to close the BGP port on the wan1 interface. Enabling DLP and Multiple Security Profiles, 3. (Optional) Setting the FortiGate's DNS servers, 5. Adding the default profile to a security policy, 1. Create the SSID and set up authentication, WiFi using FortiAuthenticator RADIUS with Certificates, 1. (Optional) FortiClient installer configuration, 1. 04:15 AM. Enabling endpoint control on the FortiGate, 2. 04:53 AM. In this example, select Wildcard6) Select the Action to take against matching URLs: Exempt, Block, Allow, or Monitor.7) Select 'Enable'.8) Select 'OK'. This way you don't need to use a web filter at all. Importing and signing the CSR on the FortiAuthenticator, 5. 1. Adding application control to your security policy, 2. FortiPortal - Customer Self Service Portal; 12. Does anyone have any clue or scripting links/examples on how to make the URI resources hosted by that server accessible only to the app that has URL: "myFancyApp.mybluemix.net" ? By To move a policy up or down, click and drag the far-left column of the policy. (Optional) Adding security profiles to the fabric, Integrating a FortiGate with FortiClient EMS, 2. Configuring and assigning the password policy, 3. What's New in FortiAnalyzer 7.2.0; 10. Connecting and authorizing the FortiAP, Captive portal WiFi access with a FortiToken-200, 2. Creating a security policy for remote access to the Internet, 4. Created on Configuring FortiGate to use FortiAuthenticator as the RADIUS server, 5. 05:01 AM. Confirm this by viewing policies By Sequence. Configuring Windows 7 wireless profile to use certificate, WiFi with WSSO using FortiAuthenticator RADIUS and Attributes, 1. Configuring the IPsec VPN using the Wizard, 2. C:\Windows\System32\drivers\etc Step 2: Choose Properties and tap on the Users tab. As in:firewall will filter connections OUTGOING to internet ? Then, to add the 1 website that you are permitting, you would add that to the website filter exceptions list. 05:12 AM. Creating a security policy for access to the Internet, 1. 1. How do these priorities affect each other? 08-12-2019 Creating a security policy for wireless traffic, Make it a policy to learn before configuring policies. The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. Creating a new CA on the FortiAuthenticator, 4. Creating a custom application signature, 3. Logging to a FortiAnalyzer unit is not working as expected. Creating the Microsoft Azure virtual network gateway, 4. There are three types of URL that can be defined.1) Simple: A simple URL-Filter entry could be a regular URL. Verifying your Internet access security policy, Logging FortiGate traffic and using FortiView, 3. I know how to create the objects and address group for the farm. Switch from the Allowlist mode to the Block list mode. In order to be applied to Internet traffic, the new policy has to be 8.1k views 7 slides Fortigate Training NCS Computech Ltd. 31.7k views 280 slides FortiGate Firewall HOW-TO - DMZ Installing FSSO agent on the Windows DC, 4. Configuring FortiGate to use the RADIUS server, 5. You can't 'block by country except for certain computers there'. Configuring Windows 7 wireless profile to use certificate, WiFi with WSSO using FortiAuthenticator RADIUS and Attributes, 1. 2) Select the web-filtering profile that is to be applied on the security policy that is used for web traffic. Requesting and installing a server certificate for FortiOS, 2. The SA proposals do not match (SA proposal mismatch). Configuring Single Sign-On on the FortiGate, Single Sign-On using LDAP and FSSO agent in advanced mode (Expert), 1. About Press Copyright Contact us Creators Advertise Developers Terms Privacy Policy & Safety How YouTube works Test new features NFL Sunday Ticket Press Copyright . Creating a policy for part-time staff that enforces the schedule, 5. For Layer 7 virtual servers, FortiADC blocks access after the handshake, allowing . Configuring External to connect to Accounting, 3. Creating a security policy for access to the Internet, 1. ] . There is a server in company's intranet or DMZ, behind a firewall. Importing the local certificate to the FortiGate, 6. After some time looking into this I started to think it was impossible. Just to quickly check if I understood it correctly: Specifying the Microsoft Azure DNS server, 3. 07-10-2018 Creating a local service certificate on FortiAuthenticator, 3. Creating a custom application signature, 3. Adding web filtering to a security policy, WiFi RADIUS authentication with FortiAuthenticator, 1. Connecting and authorizing the FortiAP, Captive portal two-factor authentication with FortiToken Mobile, 2. You will use this profile to monitor traffic and identify any applications that should be blocked. (Optional) Setting the FortiGate's DNS servers, 5. Creating a user account and user group, 5. Adding an address for the local network, 5. set dstaddr all. After LastPass's breaches, my boss is looking into trying an on-prem password manager. And what are the pros and cons vs cloud based? message appears, blocking the subdomain. Allowing traffic from the internal network to the WAN link interface, Sandboxing with FortiSandbox and FortiClient, 3. Adding security policies for access to the Internet and internal network, SSO using a FortiGate, FortiAuthenticator, and DC Polling (Expert), 3. Copyright 2023 Fortinet, Inc. All Rights Reserved. Editing the security policy for outgoing traffic, 5. Edited on Creating the Microsoft Azure virtual network gateway, 4. Enabling logging in your Internet access security policy, 2. Create the user accounts and user group on the FortiAuthenticator, 2. FortiGate VM64v6.0.6 build0272 for a new customer and they have a list of white listed URL's. Importing and signing the CSR on the FortiAuthenticator, 5. What do hair pins have to do with networking? Adding a user account to FortiToken Mobile, 4. By default, the Local-In policy allows access to all addresses but you can create address groups to block specific IPs. Configuring the SSID to RADIUS authentication, WiFi with WSSO using Windows NPS and Attributes, 1. Solution 1) Go to Security Profile > Web filter. This topic has been locked by an administrator and is no longer open for commenting. Under Security Profiles, enable Web Filter and select the default web filter profile. I am staging a Creating a web filter profile that uses quotas, 3. Adding the FortiToken to FortiAuthenticator, 2. Creating the FortiGate firewall policies, 9. Allowing traffic from the internal network to the WAN link interface, Sandboxing with FortiSandbox and FortiClient, 3. Created on I resolved this problem by changing proxy-based to flow-based but I want to know the source of the problem. Configuring local user certificate on FortiAuthenticator, 9. Adding the signature to the default Application Control profile, 4. Set Type to Wildcard, set Action to Block, and set Status to Enable. We were thinking maybe he has to create whitelist web filter and add a record looking like: I would highly recommend that you seek assistance from a qualified Fortigate Expert or Vendor. Reserving an IP address for the device, 5. 07-06-2018 Creating S3 buckets with license and firewall configurations, 4. 07:30 AM, The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. Configuring the Primary FortiGate for HA, 4. Connecting the FortiGate to the RADIUS Server, 2. Configuring RADIUS EAP on FortiAuthenticator, 4. You might be able to find these by googling. Thanks for responding. is used to show all the available options: Technical Tip: Using a static URL filter feature t set exempt fortiguard' can be used, instead of all, Technical Tip: Using a static URL filter feature to allow/block web sites. Connecting to the IPsec VPN from the Windows Phone 10, 1. The most common mistake it to create a "Domain" policy to block most malicious stuff (like certain ports and/or application) then create a RDS policy that only have white-lists of websites but allowing or ignoring the "Domain" policies for RDS servers.then the RDS servers become a backdoor ??. Enable HTTPS traffic. Check the FortiGate interface configurations (NAT/Route mode only), 5. Go to Security Profiles > Application Control and view the default profile. Make sure that the website (s) you need isn't in the Blocklist. Create a web filter security policy where you can setup website blocking and exemptions and attach that security policy to a firewall policy. Creating an SSID with RADIUS authentication, WiFi with WSSO using Windows NPS and FortiGate Groups. Logs from a FortiAnalyzer, FortiManager, or from FortiCloud do not appear in the GUI. Editing the security policy for outgoing traffic, 5. Verify the security policy configuration, 6. Created on Editing the default Web Filter profile, 3. Configuring FortiGate to use the RADIUS server, 5. Using the default Application Control profile to monitor network traffic, 3. For some internet resources, such wildcard will broke TLS/SSL handshake. SolutionNormal behavior would be to have some entries with allowed status and one wildcard * with block. Setting up a compliant FortiClient device, Assigning WiFi users to VLANs dynamically, 2. Background. Connecting and authorizing the FortiAP, Captive portal two-factor authentication with FortiToken Mobile, 2. FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. Pre-existing IPsec VPN tunnels need to be cleared. 12-31-2021 Go to Security Profiles > Web Filter and edit the default Web Filter profile. Configuring the SSL VPN web portal and settings, 4. Configuring user groups on the FortiGate, 7. 11-23-2021 Creating the LDAPS Server object in the FortiGate, 1. Creating the DNS Filter Profile and enabling Botnet C&C database, 3. Stay with us! Adding application control to your security policy, 2. 1. FortiPortal - Service Provider Admin Portal; 13. For Layer 4 virtual servers, FortiADC blocks access when the first TCP SYN packet arrives. Setting up an internal network with a managed FortiSwitch, 6. This allows the FortiGate to inspect and apply web filtering to HTTPS traffic. We need this server locked down and blocked from any incoming connections except one app located at"myFancyApp.mybluemix.net" making https GET requests to retrieve data in JSON format on that server on various URIs with the help ofFortigate 90e firewall through which all of this communication is happening. Installing and configuring the Marketing FortiGate, 4. 3) Create two static URL filters, as displayed in the following screenshot: This configuration will block everything except any URL's which contain fortinet.com. Created on FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. Installing FSSO agent on the Windows DC, 4. Copyright 2023 Fortinet, Inc. All Rights Reserved. Creating a guest SSID that uses Captive Portal, 3. FortiSIEM and . Confirm that the FortiGuard category based filter is enabled. 05:38 AM. We have developed an app that makes a connection to a box server in the company using Domino Access services. Adding virtual wire pair firewall policies, Enforcing network security using a FortiClient Profile, 5. Attempt to visit a social networking site such as facebook.com, twitter.com, or meetup.com. Add the RADIUS server to the FortiGate configuration, 3. Configuring a traffic shaper to limit bandwidth, 4. Anthony_E. Applying the profile to a security policy, 1. This article provides an example of how to block all websites, whilst allowing only one. If this doesn't work because unfortunately on the IPv4 policy you can't have wildcard FQDNs, then I would have the IT guy make a web filter. more options. Enabling the Cooperative Security Fabric, 7. I had to remove the machine from the domain Before doing that . Checking cluster operation and disabling override, 2. Anyone have suggestions on how this should be configured? I have a whitelist address group in my firewall for troublesome websites that don't load nicely with filtering enabled, I have one address group I add all the whitelisted addresses to, some are IP's, some are domains. 07-06-2018 Go to System > Feature Select to enable the Web Filter feature. Customizing the captive portal login page, 6. Creating a policy that denies mobile traffic. 05:50 AM. The person configuring this firewall was unable to quickly have a suitable solution on how to restrict EVERYTHING else from communicating with server except that one app that has dedicated URL. Fortinet Community Knowledge Base FortiGate Technical Tip: How To block all the web sites whil. set scraddr all. Using virtual IPs to configure port forwarding, 1. (Optional) Adding security profiles to the fabric, Integrating a FortiGate with FortiClient EMS, 2. and what do you see in the web browser. The default Application Control profile is set to monitor all applications except for Unknown pplications. Adding an address for the local network, 5. Configuring Single Sign-On on the FortiGate, Single Sign-On using LDAP and FSSO agent in advanced mode (Expert), 1. The blocked social networking sites are listed in the Domain column. I'm running a Fortigate on 6.0.10 (will upgrade if new version has better implementation). Installing a FortiGate in NAT/Route mode, 2. 07-09-2018 Creating a default route for the WAN link interface, 6. Connecting and authorizing the FortiAP unit, 4. Registering the FortiGate as a RADIUS client on the FortiAuthenticator, 2. the same traffic. Integrating the FortiGate with the Windows DC LDAP server, 2. See Preventing certificate warnings for more information. 07-09-2018 Configuring a remote Windows 7 L2TP client, 3. Configuring RADIUS client on FortiAuthenticator, 5. I don't know yet if I can make use of this, and if it works, but it most definitely answers the question I asked. (Optional) Upgrading the firmware for the HA cluster, Inspecting traffic content using flow-based inspection, 1. Connecting the network devices and logging onto the FortiGate, 2. Adding the Web Filter profile to the Internet access policy, 2. There should be an additional policy ON TOP of the current policies to block ALL websites except for those white-listed only for the RDS servers (and also probably only port 3389 to the RDS servers only as well) ?. Creating the RADIUS Client on FortiAuthenticator, 4. Configuring Single Sign-On on the FortiGate. Configuring Single Sign-On on the FortiGate. FortiGate registration and basic settings, 5. Configuring the IPsec VPN using the Wizard, 2.