Solved

Remote Branch Internet Access

Posted on 2007-11-29
3
296 Views
Last Modified: 2012-06-21
Hi, I have an issue with filtering web access from a remote branch through the head office Fortigate 100.  We have 2 Sites with a private link between the two which is managed by BT.  The link is not designed to carry internet traffic so we need to use a proxy server to get net access.  The problem we are having is the when the ISA 2004 proxy forwards the request to the fortigate, the traffic appears from the proxy server and cannot filter based on username/group assignment.  My main question is, is there anyway that the proxy server can forward the username and original ip information onto the fortigate for filtering.....

many thanks
0
Comment
Question by:aztechcomms
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 500 total points
ID: 20380699
You can give basic authentication forwarding in ISA a try. No garantuee that this will work, but you can't loose...
To do this, open the listener part of the rule and on the preferences tab click the authentication button.
Make sure only 'basic authentication' is selected (remove all other check boxes). Close out and doubleclick the name of the rule and open the users tab. Then enable the checkbox at the bottom for forward basic authentication

I have a similar problem where all traffic originates from one IP and the appliance (NetASQ in our case) can authenticate a user but from then on all traffic seems to be originating from that first authenticated user. That's because once authenticated ALL non ISA appliances I have seen (including Fortinet) track the IP, not the user, when working with AD authentication.
This can only be resolved by doing the filtering on the ISA server, but that would mean adding another filtering package.

J.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about how to approach blogging and about ways to do it right. Stand out from the crowd and let your knowledge be consumed by a large audience. This article aims to explain how your blog should look like,  the most important things to do while b…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question