MohamedAmmar
New Member
July 31, 2017
Question

Forti deployment problem.

  • July 31, 2017
  • 1 reply
  • 7061 views

Hello all,

Good day to you. I'm a newbie to FortiGate and am currently deploying a FortiGate 100D and want to customize it to my LAN, but I'm facing some issues, and here's the situation.

 

1 - I'm using a Layer 3 switch as the default gateway, which routes to the internet through an ASA as a static route. I don't want to change that.

2 - I want to make the FortiGate a firewall before another internet connection, and access it as a proxy to bypass my default configurations.

 

The main configurations I made:

1 - FortiGate in NAT mode. (Does it help to change it to transparent?)

2 - I've enabled the 'explicit proxy' and checked it on the LAN interface.

 

The obstacles I'm facing are:

1 - I want to deploy the IPv4 rules, not explicit rules. Can I? I want it to deploy policies based on single sign-on. I sync it with my Microsoft AD LDAP. But in explicit proxy, I cannot deploy policies based on users.

Is there any help to obtain a solution where a user can access a specific internet connection through a proxy (FortiGate) and policies can be based on FSSO? Thanks.

    1 reply

    MohamedAmmar
    New Member
    August 2, 2017

    Any help??

    MikePruett
    New Member
    August 2, 2017

    I have read through your post a few times but I can't decipher what exactly you are trying to do.

    You want the FortiGate to have its own internet connection separate from the ASA, that way you can bypass the ASA etc.?

    MohamedAmmar
    New Member
    August 2, 2017

    Yes. I want that. I want a PC in my LAN to access it by changing the proxy settings from Internet Options, and use the IP of the Forti as its proxy server.

     

    Thanks,