Solved

Remote Branch Internet Access

Posted on 2007-11-29
3
289 Views
Last Modified: 2012-06-21
Hi, I have an issue with filtering web access from a remote branch through the head office Fortigate 100.  We have 2 Sites with a private link between the two which is managed by BT.  The link is not designed to carry internet traffic so we need to use a proxy server to get net access.  The problem we are having is the when the ISA 2004 proxy forwards the request to the fortigate, the traffic appears from the proxy server and cannot filter based on username/group assignment.  My main question is, is there anyway that the proxy server can forward the username and original ip information onto the fortigate for filtering.....

many thanks
0
Comment
Question by:aztechcomms
3 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 500 total points
ID: 20380699
You can give basic authentication forwarding in ISA a try. No garantuee that this will work, but you can't loose...
To do this, open the listener part of the rule and on the preferences tab click the authentication button.
Make sure only 'basic authentication' is selected (remove all other check boxes). Close out and doubleclick the name of the rule and open the users tab. Then enable the checkbox at the bottom for forward basic authentication

I have a similar problem where all traffic originates from one IP and the appliance (NetASQ in our case) can authenticate a user but from then on all traffic seems to be originating from that first authenticated user. That's because once authenticated ALL non ISA appliances I have seen (including Fortinet) track the IP, not the user, when working with AD authentication.
This can only be resolved by doing the filtering on the ISA server, but that would mean adding another filtering package.

J.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Read about achieving the basic levels of HRIS security in the workplace.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now