Remote Branch Internet Access

Hi, I have an issue with filtering web access from a remote branch through the head office Fortigate 100.  We have 2 Sites with a private link between the two which is managed by BT.  The link is not designed to carry internet traffic so we need to use a proxy server to get net access.  The problem we are having is the when the ISA 2004 proxy forwards the request to the fortigate, the traffic appears from the proxy server and cannot filter based on username/group assignment.  My main question is, is there anyway that the proxy server can forward the username and original ip information onto the fortigate for filtering.....

many thanks
aztechcommsAsked:
Who is Participating?
 
PowerITConnect With a Mentor Commented:
You can give basic authentication forwarding in ISA a try. No garantuee that this will work, but you can't loose...
To do this, open the listener part of the rule and on the preferences tab click the authentication button.
Make sure only 'basic authentication' is selected (remove all other check boxes). Close out and doubleclick the name of the rule and open the users tab. Then enable the checkbox at the bottom for forward basic authentication

I have a similar problem where all traffic originates from one IP and the appliance (NetASQ in our case) can authenticate a user but from then on all traffic seems to be originating from that first authenticated user. That's because once authenticated ALL non ISA appliances I have seen (including Fortinet) track the IP, not the user, when working with AD authentication.
This can only be resolved by doing the filtering on the ISA server, but that would mean adding another filtering package.

J.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.