Solved

FortiGate 80CM and AD

Posted on 2010-09-16
Last Modified: 2012-05-10
Hi all,

I see the FortiGate 80CM has the ability to connect to my AD. Does that mean there is a way to control the web traffic based on users, then? Based on who browses the web, can I apply webfilter rules?

Can anyone walk me through the setup? I'm more of a Cisco guy :)

Thanks
Question by:DaBoags
7 Comments
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728007
It's been a while since I have worked with Fortinet, a couple of years anyway, but I do seem to recall that their devices are feature rich and have a ton of built-in 'blades' you can enable ($$). And I seem to recall they do have a URL filter service you can pay to enable the license for, and this enables a subscription, so to speak, to their URL database as well as the ability to add custom URLs and keywords yourself.

http://www.fortiguard.com/webfiltering/webfiltering.html

Just looked it up; above is the URL. I worked at a company which sold and supported these. Not many people around are familiar with this line. I have one running at a friend's shop and if you need help getting this set up just let me know.
0
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728048
Sorry, to answer your question, whether you can set the filters based on AD groups, I doubt that is in the small 80CM product. You may get that with one of their web filter appliances. I am doing some more digging for you. It's been a while.
0
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728210
After a quick review of the 'FORT-OS Handbook' there is no evidence of hooking into AD. I just see profiles can be created and applied to individual FW policies.

You may have this but if not - http://docs.fortinet.com/fgt/handbook/fortios-handbook-40-mr2.pdf

I
0

 

Author Comment

by:DaBoags
ID: 33730818
Thanks Toby,

I see an LDAP link though in the Fortigate, but I can't see anything more than that; you may be right, the 80CM may just be too "small".

Let's see what the others have to say :)
0
 
LVL 4

Accepted Solution

by:
Whiterat earned 500 total points
ID: 33749302
I would be massively surprised if the 80CM can't do it, since I have set this up on everything from a Fortigate 50A through to the 620B (including the 80C; not sure what the difference is with the C and CM).

There are a couple of ways of doing this depending on how you want it.

Either the users can authenticate through a webpage with their username and password or you can install FSAE (Fortinet Server Authentication Extension) onto your domain controllers and use its SSO (Single sign on) feature.

This also depends massively on what version of FortiOS you are running. Since the 80CM is a new model it should be 4.x; builds 279 and higher handle LDAP differently to the previous versions, so it might be worth updating prior.

Let me know which way you wish to go.
0
 
LVL 4

Expert Comment

by:Whiterat
ID: 33749324
Oh the only difference between the 80C and the 80CM is the CM has a 56k modem in it like the old 60B.

In which case it is definitely possible.
0
 

Author Closing Comment

by:DaBoags
ID: 33749617
Thanks WR, this is what I needed to hear :)

I'll let you know how I go with the setup but I'll award the points anyways.

I like the idea of FSAE, makes my life simple.
0
