The user logon information sent to FortiGate units can be restricted to specific IP addresses or address ranges. If no filters are defined, information is sent for all addresses.
Once created, IP filtering rules must be assigned to FortiGate filters under Fortinet SSO Methods > SSO > FortiGate Filtering (see FortiGate filtering for more information).
To view the list of the IP filtering rules, go to Fortinet SSO Methods > SSO > IP Filtering Rules.
- From the IP filtering rules list, select Create New. The Create New IP Filtering Rule window opens.
- Enter the following information:
- IPv4 address/mask:
- IP range:
- Select OK to create the new IP filtering rule.
|Name||Enter a name for the rule.|
|Filter Mode||Either Include or Exclude the defined IPs in SSO.|
|Filter Type||Select whether the rule will specify an IPv4 address and netmask, an IPv6 address range, or an IPv6 address.|
Enter either an IP address and netmask or an IP address range (depending on the selected filter type). For example: