Hello,
Can we use Azure AD as source on firewall rule, and make the log by username also rather than using source IP?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Unfortunately Azure AD can't be connected to FortiGate as windows AD agent also called FSSO.
Hi @HS08,
You can use Azure as SAML Idp for firewall authentication but user need to login at the time of connection, not like FSSO suggested by my colleague where user can login to their domain computer and the user is already authenticated. Please refer to this document for more information https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/33053/outbound-firewall-auth...
Regards,
Minh
This might not be applicable to your situation, but I had the same problem due to most of my devices being non-bind AD MacBooks. What I was able to do to solve the problem to get to the result you are asking for, was to use FortiAuthenticator (FAC). What you are trying to get is FSSO like the others have mentioned. That FSSO for me was via the use of this methodology using FAC. I have a web filter that gives me constant syslog info from the clients, thus I am able to match them to policy rules I source out to their FSSO group pretty easily.
There is also a cookbook article to use Azure AD with FAC to achieve FSSO using this article.
FAC also has a Windows client (though I have never used or implemented it), but they don't have a macOS client, so I never looked further (hint hint Fortinet!!).
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.