?
Solved

FortiGate 80CM and AD

Posted on 2010-09-16
7
Medium Priority
?
1,035 Views
Last Modified: 2012-05-10
Hi all,

I see the FortiGate 80CM has the ability to connect to my AD, does that mean there is a way to control the web traffic based on users then ? Based on who browses the web, I can apply webfilter rules ?

Can anyone walk me tru the setup ? I'm more a Cisco guy :)

Txs
0
Comment
Question by:DaBoags
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728007
It's been a while since I have worked with Fortinet.. couple years any way.. but I do seem to recall that their devices are feature rich and have a ton of built in 'blades' you can enable ($$). And I seem to recall they do have a URL filter service you can pay to enable the license for and this enables a subscription so to speak to thier URL database as well as the ability to add custom URL's and keywords yourself.

http://www.fortiguard.com/webfiltering/webfiltering.html

Just looked up.. above is the URL. I worked at a company which sold and supported these. Not may people around are familiar with this line. I have one running at a friends shop and if you need help getting this set up just let me know.
0
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728048
Sorry, to answer your question, whether you can set the filters based on AD groups, I doubt that is in the small 80CM product. You may get that with one of thier web filter appliances. I am doing some more digging for you. It's been a while.
0
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728210
After a quick review of the 'FORT-OS Handbook' there is no evidence of hooking into AD. I just see profiles can be created and applied to individual FW policies.

You may have this but if not - http://docs.fortinet.com/fgt/handbook/fortios-handbook-40-mr2.pdf

I
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 

Author Comment

by:DaBoags
ID: 33730818
Thanks Toby,

I see a LDAP link though in the Fortigate, but I can't see anything more than that, you may be right, the 80CM may just be too "small".

Let's see what the others have to say :)
0
 
LVL 4

Accepted Solution

by:
Whiterat earned 1500 total points
ID: 33749302
I would be massively surprised if the 80CM can't do it since I have set this up on everything from a Fortigate 50A through to the 620B (including the 80C, not sure what the difference is with the C and CM)

There are a couple of ways of doing this depending on how you want it.

Either the users can authenticate through a webpage with their username and password or you can install FSAE (Fortinet Server Authentication Extension) onto your domain controllers and use its SSO (Single sign on) feature.

This also depends massively on what version of FortiOS you are running, since the 80CM is a new model it should be 4.x, builds 279 and higher handle LDAP differently to the previous versions so might be worth updating prior

Let me know which way you wish to go.
0
 
LVL 4

Expert Comment

by:Whiterat
ID: 33749324
Oh the only difference between the 80C and the 80CM is the CM has a 56k modem in it like the old 60B.

In which case it is definitely posible.
0
 

Author Closing Comment

by:DaBoags
ID: 33749617
Thanks WR, this is what I needed to hear :)

I'll let you know how I go with the setup but I'll award the points anyways.

I like the idea of FSAE, makes my life simple.
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question