- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Age-group based web/content filter – Guests
Age-group based web/content filter – Guests
I have an interesting client requirement where we have to capture the guest’s age along with username/password in captive portal and serve the webcontent based on their age.
I have got both Cisco ISE and ClearPass guest servers. I have got Cisco WLCs in the setup.
I have got both Fortigate(webfilter) and Cisco ASA. How to implement this solution to serve content based on guest’s age?
I can only category based filter in fortigate.
Thanks,
Solved! Go to Solution.
- Labels:
-
Secure Web Gateway
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you can have your RADIUS server return the age in the Fortinet-Group-Name attribute, that would make things very simple.
Once that's done just create user groups on the Fortigate that match on your radius server + group name and apply those groups to policy.
I.e., User age is 19, RADIUS server returns Fortinet-Group-Name attribute "Age19". On the Fortigate, create a group called "UserAge19", match remote users on RADIUS Server with group name "Age19". Then create firewall policies that use the correct source IP range (or "any") and the "UserAge19" group.
There are ways to make user groups look at other RADIUS attributes in CI instead of just Fortinet-Group-Name (I think it's the "class" setting under "config user radius \ edit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Rajesh,
this age information - is it stored somewhere on the webpages?
In other words, where should it come from?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Age information is stored in the radius servers. I can return them as user catagory.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you can have your RADIUS server return the age in the Fortinet-Group-Name attribute, that would make things very simple.
Once that's done just create user groups on the Fortigate that match on your radius server + group name and apply those groups to policy.
I.e., User age is 19, RADIUS server returns Fortinet-Group-Name attribute "Age19". On the Fortigate, create a group called "UserAge19", match remote users on RADIUS Server with group name "Age19". Then create firewall policies that use the correct source IP range (or "any") and the "UserAge19" group.
There are ways to make user groups look at other RADIUS attributes in CI instead of just Fortinet-Group-Name (I think it's the "class" setting under "config user radius \ edit
