[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Remote Branch Internet Access

Posted on 2007-11-29
3
Medium Priority
?
299 Views
Last Modified: 2012-06-21
Hi, I have an issue with filtering web access from a remote branch through the head office Fortigate 100.  We have 2 Sites with a private link between the two which is managed by BT.  The link is not designed to carry internet traffic so we need to use a proxy server to get net access.  The problem we are having is the when the ISA 2004 proxy forwards the request to the fortigate, the traffic appears from the proxy server and cannot filter based on username/group assignment.  My main question is, is there anyway that the proxy server can forward the username and original ip information onto the fortigate for filtering.....

many thanks
0
Comment
Question by:aztechcomms
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 2000 total points
ID: 20380699
You can give basic authentication forwarding in ISA a try. No garantuee that this will work, but you can't loose...
To do this, open the listener part of the rule and on the preferences tab click the authentication button.
Make sure only 'basic authentication' is selected (remove all other check boxes). Close out and doubleclick the name of the rule and open the users tab. Then enable the checkbox at the bottom for forward basic authentication

I have a similar problem where all traffic originates from one IP and the appliance (NetASQ in our case) can authenticate a user but from then on all traffic seems to be originating from that first authenticated user. That's because once authenticated ALL non ISA appliances I have seen (including Fortinet) track the IP, not the user, when working with AD authentication.
This can only be resolved by doing the filtering on the ISA server, but that would mean adding another filtering package.

J.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question