Fortigate 90D with windows active directory

Posted on 2015-02-05
Last Modified: 2015-11-20
Hi all,

I have a FG-90D (on FortiOS 5.2.2) that I'm planning to install in a Windows Active Directory environment (the DC is MS Windows 2000; I know it is due for an upgrade, but options are limited). All the interface config, static routes and basic firewall policy have been applied and it's working fine.

What I'm trying to achieve:
Set up the UTM in such a way that I'm able to block all the websites that are not in the whitelist for selected users or groups, and give certain users or groups unrestricted access to the internet using a policy, etc.

So I need your expert advice and options.

Many thanks in advance
Question by:Danbrasco
4 Comments
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40591163
If you have a limited website list to provide access to for end users, you can go with your plan,
but if that whitelist keeps growing it could be a headache for you...
 
LVL 18

Expert Comment

by:Don S.
ID: 40591253
The key here is to correctly identify the user. I don't know that the Fortigate will integrate with the 2000 DC to provide user authentication - so that is a problem. Alternatively, you could set up local users in the Fortigate and have everyone authenticate to the Fortigate every time they start a web browser session (I know, not good). You also might be able to set up RADIUS authentication in the Fortigate, but that only resolves the pain of having to enter all the users into the Fortigate locally - the user would still be prompted to enter credentials to browse. Other solutions would be to set up a separate proxy machine that does the website filtering independent of the Fortigate - but that is adding a lot more complexity to the mix and in my experience is not worth it.
 

Author Comment

by:Danbrasco
ID: 40591499
Hi,

Praveen, the email whitelist rarely changes and it's been the same for some time, so I don't think it will be a problem.

dons6718, I understand the limitation posed by the current setup. To keep it simple, I'm trying to avoid RADIUS or a proxy server. If SSOF is not possible, what about using just LDAP to get the users, computers and groups list and implementing restriction policies on these objects?
I'm open to advice and opinions.


Thanks in advance
 
LVL 4

Accepted Solution

by:
Praveen Kumar Bonala earned 1500 total points
ID: 40591670
In that case it could be OK.
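As an added illustration of the LDAP-only approach Danbrasco asks about (this is not configuration from any poster here): a FortiOS 5.2-style CLI fragment that defines the Windows DC as an LDAP server, builds a FortiGate user group from one AD security group, and applies a whitelist-only web filter profile to that group in the firewall policy. The server address, bind account, DNs, interface names, and the profile "whitelist-only" (assumed to already exist as a URL filter with explicit allow entries followed by a wildcard `*` block entry) are placeholders, and exact keywords may differ between FortiOS releases.

```fortios
# Assumed placeholder: the Windows 2000 DC answering LDAP on 192.0.2.10.
# A dedicated, low-privilege bind account is used for group lookups.
config user ldap
    edit "ad-ldap"
        set server "192.0.2.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=local"
        set type regular
        set username "cn=fg-bind,cn=Users,dc=example,dc=local"
        set password "BIND-PASSWORD-PLACEHOLDER"
    next
end

# FortiGate group that matches only members of one AD group, so the
# restriction follows AD group membership rather than a local user list.
config user group
    edit "web-restricted"
        set member "ad-ldap"
        config match
            edit 1
                set server-name "ad-ldap"
                set group-name "CN=WebRestricted,CN=Users,DC=example,DC=local"
            next
        end
    next
end

# Identity-based policy: traffic from users in "web-restricted" passes
# only through the whitelist-only web filter profile.
config firewall policy
    edit 10
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "web-restricted"
        set utm-status enable
        set webfilter-profile "whitelist-only"
    next
end
```

Because no FSSO agent is involved, users matched only via the groups keyword are still prompted to authenticate in the browser, which is the trade-off Don S. describes above. A second policy for an unrestricted AD group is written the same way, minus the web filter profile, and should sit below this one.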
