Skip to main content
moby
moby
New Member
January 17, 2018
Question

Fortigate 5.4 Explicit Proxy and Authentication

  • January 17, 2018
  • 1 reply
  • 4769 views

Hi Folks,

 

I would like to set up a Fortigate Firewall running 5.4.7 as an explicit proxy and have users authenticate by typing in their username and password. I want different A/D user groups to have different security profiles. So what I would like to do is just set up LDAP and use only LDAP authentication for the users. Can anyone tell me if this is possible? And if so which authentication method I should use in the proxy policy?

 

I could use FSSO but some devices are not on the domain, so I would rather just use LDAP credentials for the authentication. Any pointers appreciated.

 

Thanks, Moby.

    1 reply

    eksjonathan
    eksjonathan
    New Member
    April 11, 2018

    Hi Moby,

     

    This is possible but you will find the web page that requests the credentials is not served over HTTPS.  This means your users' credentials (including password) will be sent over the network in plain text.  I consider that to be a massive short fall.

     

    I found this article http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-WAN-opt-54/web_proxy.htm very helpful, along with this cookbook video https://www.youtube.com/watch?v=bSGzW4MnZ8E.

     

    Jonathan

    Terms & ConditionsAccessibility statement