Solved

FortiGate 80CM and AD

Posted on 2010-09-16
Last Modified: 2012-05-10
Hi all,

I see the FortiGate 80CM has the ability to connect to my AD, does that mean there is a way to control the web traffic based on users then? Based on who browses the web, I can apply webfilter rules?

Can anyone walk me through the setup? I'm more a Cisco guy :)

Txs
0
Question by:DaBoags
7 Comments
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728007
It's been a while since I have worked with Fortinet.. couple years anyway.. but I do seem to recall that their devices are feature rich and have a ton of built-in 'blades' you can enable ($$). And I seem to recall they do have a URL filter service you can pay to enable the license for, and this enables a subscription, so to speak, to their URL database as well as the ability to add custom URLs and keywords yourself.

http://www.fortiguard.com/webfiltering/webfiltering.html

Just looked up.. above is the URL. I worked at a company which sold and supported these. Not many people around are familiar with this line. I have one running at a friend's shop and if you need help getting this set up just let me know.
0
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728048
Sorry, to answer your question, whether you can set the filters based on AD groups, I doubt that is in the small 80CM product. You may get that with one of their web filter appliances. I am doing some more digging for you. It's been a while.
0
 
LVL 1

Expert Comment

by:tobyhansen
ID: 33728210
After a quick review of the 'FORT-OS Handbook' there is no evidence of hooking into AD. I just see profiles can be created and applied to individual FW policies.

You may have this but if not - http://docs.fortinet.com/fgt/handbook/fortios-handbook-40-mr2.pdf

I
0

 

Author Comment

by:DaBoags
ID: 33730818
Thanks Toby,

I see an LDAP link though in the FortiGate, but I can't see anything more than that. You may be right, the 80CM may just be too "small".

Let's see what the others have to say :)
0
 
LVL 4

Accepted Solution

by:
Whiterat earned 500 total points
ID: 33749302
I would be massively surprised if the 80CM can't do it, since I have set this up on everything from a FortiGate 50A through to the 620B (including the 80C, not sure what the difference is with the C and CM).

There are a couple of ways of doing this depending on how you want it.

Either the users can authenticate through a webpage with their username and password or you can install FSAE (Fortinet Server Authentication Extension) onto your domain controllers and use its SSO (Single sign on) feature.

This also depends massively on what version of FortiOS you are running. Since the 80CM is a new model it should be 4.x; builds 279 and higher handle LDAP differently to the previous versions, so it might be worth updating prior.

Let me know which way you wish to go.
0
 
LVL 4

Expert Comment

by:Whiterat
ID: 33749324
Oh the only difference between the 80C and the 80CM is the CM has a 56k modem in it like the old 60B.

In which case it is definitely possible.
0
 

Author Closing Comment

by:DaBoags
ID: 33749617
Thanks WR, this is what I needed to hear :)

I'll let you know how I go with the setup but I'll award the points anyways.

I like the idea of FSAE, makes my life simple.
0
