• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1040
  • Last Modified:

FortiGate 80CM and AD

Hi all,

I see the FortiGate 80CM has the ability to connect to my AD, does that mean there is a way to control the web traffic based on users then ? Based on who browses the web, I can apply webfilter rules ?

Can anyone walk me tru the setup ? I'm more a Cisco guy :)

Txs
0
DaBoags
Asked:
DaBoags
  • 3
  • 2
  • 2
1 Solution
 
tobyhansenCommented:
It's been a while since I have worked with Fortinet.. couple years any way.. but I do seem to recall that their devices are feature rich and have a ton of built in 'blades' you can enable ($$). And I seem to recall they do have a URL filter service you can pay to enable the license for and this enables a subscription so to speak to thier URL database as well as the ability to add custom URL's and keywords yourself.

http://www.fortiguard.com/webfiltering/webfiltering.html

Just looked up.. above is the URL. I worked at a company which sold and supported these. Not may people around are familiar with this line. I have one running at a friends shop and if you need help getting this set up just let me know.
0
 
tobyhansenCommented:
Sorry, to answer your question, whether you can set the filters based on AD groups, I doubt that is in the small 80CM product. You may get that with one of thier web filter appliances. I am doing some more digging for you. It's been a while.
0
 
tobyhansenCommented:
After a quick review of the 'FORT-OS Handbook' there is no evidence of hooking into AD. I just see profiles can be created and applied to individual FW policies.

You may have this but if not - http://docs.fortinet.com/fgt/handbook/fortios-handbook-40-mr2.pdf

I
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
DaBoagsAuthor Commented:
Thanks Toby,

I see a LDAP link though in the Fortigate, but I can't see anything more than that, you may be right, the 80CM may just be too "small".

Let's see what the others have to say :)
0
 
WhiteratCommented:
I would be massively surprised if the 80CM can't do it since I have set this up on everything from a Fortigate 50A through to the 620B (including the 80C, not sure what the difference is with the C and CM)

There are a couple of ways of doing this depending on how you want it.

Either the users can authenticate through a webpage with their username and password or you can install FSAE (Fortinet Server Authentication Extension) onto your domain controllers and use its SSO (Single sign on) feature.

This also depends massively on what version of FortiOS you are running, since the 80CM is a new model it should be 4.x, builds 279 and higher handle LDAP differently to the previous versions so might be worth updating prior

Let me know which way you wish to go.
0
 
WhiteratCommented:
Oh the only difference between the 80C and the 80CM is the CM has a 56k modem in it like the old 60B.

In which case it is definitely posible.
0
 
DaBoagsAuthor Commented:
Thanks WR, this is what I needed to hear :)

I'll let you know how I go with the setup but I'll award the points anyways.

I like the idea of FSAE, makes my life simple.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now