IP filtering rules
The user logon information sent to FortiGate units can be restricted to specific IP addresses or address ranges. If no filters are defined, information is sent for all addresses.
When created, IP filtering rules must be assigned to FortiGate filters under Fortinet SSO Methods > SSO > FortiGate Filtering (see FortiGate filtering for more information).
To view the list of the IP filtering rules, go to Fortinet SSO Methods > SSO > IP Filtering Rules.
To create new IP filtering rules:
- From the IP filtering rules list, select Create New. The Create New IP Filtering Rule window opens.
- Enter the following information:
Name Enter a name for the rule. Filter Mode Either Include or Exclude the defined IPs in SSO. Filter Type Select whether the rule will specify an IPv4 address and netmask, an IPv6 address range, or an IPv6 address. Rule Enter either an IP address and netmask or an IP address range (depending on the selected filter type). For example:
- IPv4 address/mask:
10.0.0.1/255.255.255.0
- IP range:
10.0.0.1/10.0.0.99
- IPv6:
2001:db8:1ced:f00d::/128
- IPv4 address/mask:
- Select OK to create the new IP filtering rule.