Solved

FortiGate 80CM and AD

Posted on 2010-09-16
7
1,031 Views
Last Modified: 2012-05-10
Hi all,

I see the FortiGate 80CM has the ability to connect to my AD, does that mean there is a way to control the web traffic based on users then ? Based on who browses the web, I can apply webfilter rules ?

Can anyone walk me tru the setup ? I'm more a Cisco guy :)

Txs
0
Comment
Question by:DaBoags
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728007
It's been a while since I have worked with Fortinet.. couple years any way.. but I do seem to recall that their devices are feature rich and have a ton of built in 'blades' you can enable ($$). And I seem to recall they do have a URL filter service you can pay to enable the license for and this enables a subscription so to speak to thier URL database as well as the ability to add custom URL's and keywords yourself.

http://www.fortiguard.com/webfiltering/webfiltering.html

Just looked up.. above is the URL. I worked at a company which sold and supported these. Not may people around are familiar with this line. I have one running at a friends shop and if you need help getting this set up just let me know.
0
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728048
Sorry, to answer your question, whether you can set the filters based on AD groups, I doubt that is in the small 80CM product. You may get that with one of thier web filter appliances. I am doing some more digging for you. It's been a while.
0
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728210
After a quick review of the 'FORT-OS Handbook' there is no evidence of hooking into AD. I just see profiles can be created and applied to individual FW policies.

You may have this but if not - http://docs.fortinet.com/fgt/handbook/fortios-handbook-40-mr2.pdf

I
0
How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

 

Author Comment

by:DaBoags
ID: 33730818
Thanks Toby,

I see a LDAP link though in the Fortigate, but I can't see anything more than that, you may be right, the 80CM may just be too "small".

Let's see what the others have to say :)
0
 
LVL 4

Accepted Solution

by:
Whiterat earned 500 total points
ID: 33749302
I would be massively surprised if the 80CM can't do it since I have set this up on everything from a Fortigate 50A through to the 620B (including the 80C, not sure what the difference is with the C and CM)

There are a couple of ways of doing this depending on how you want it.

Either the users can authenticate through a webpage with their username and password or you can install FSAE (Fortinet Server Authentication Extension) onto your domain controllers and use its SSO (Single sign on) feature.

This also depends massively on what version of FortiOS you are running, since the 80CM is a new model it should be 4.x, builds 279 and higher handle LDAP differently to the previous versions so might be worth updating prior

Let me know which way you wish to go.
0
 
LVL 4

Expert Comment

by:Whiterat
ID: 33749324
Oh the only difference between the 80C and the 80CM is the CM has a 56k modem in it like the old 60B.

In which case it is definitely posible.
0
 

Author Closing Comment

by:DaBoags
ID: 33749617
Thanks WR, this is what I needed to hear :)

I'll let you know how I go with the setup but I'll award the points anyways.

I like the idea of FSAE, makes my life simple.
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
jump server vs push server 6 193
Restrict RDP Remote Access through SonicWall 3 143
Website Issue 10 96
Fortigate: access IPSEC remote site over ssl-vpn 4 21
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question