FortiPAM Web launcher from WAN

AEK · ‎09-26-2024

Hello PAM admins

FortiPAM 1.4.1.

I'm very new in FortiPAM and I have questions regarding Web launcher.

When I'm in company's local network all works fine, Web launcher, RDP launcher and SSH launcher.

However when I'm outside and connect from public IP and try run Web launcher it doesn't work, while SSH launcher and RDP launcher still work fine.

I noticed that for both RDP and SSH launcher, PAM opens the browser tab with address bar contains a public address like https://pam.mycompany.com/someaddress.

While for Web launcher it opens the private IP of the target, which naturally can't work from WAN without some proxy on the client.

If I'm not wrong I think it needs FortiClient in order to work, right?

So my question:

Does it work with FortiClient for Windows, Linux & MacOS?
Does it require EMS?
Is there a plan to make it work in future release without FortiClient? (other PAM products can do it without agent)

AEK

Anthony_E · ‎09-29-2024

Hello Abdelkrim,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Anthony_E · ‎10-02-2024

Hello Abdelkrim,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Anthony-Fortinet Community Team.

AEK · ‎10-02-2024

Thanks Antony for your support

Nothing urgent for now.

AEK

Anthony_E · ‎10-02-2024

Thank you Abdelkrim :)!

Anthony-Fortinet Community Team.

chrisbenny · ‎10-02-2024

Hi,

In the target of the secret under advanced settings, have you enabled "Web proxy" and "Domain list" with access mode as "proxy" and then set up a FQDN or IP list?

https://docs.fortinet.com/document/fortipam/1.4.0/examples/699270/configuring-the-web-proxy-feature-...

https://docs.fortinet.com/document/fortipam/1.4.1/administration-guide/460943/web-proxy

AEK · ‎10-05-2024

Hi Chris

Thanks for your response.

I'll try this method and comeback with the result.

AEK

DylanFox · ‎10-11-2024

Any update?

AEK · ‎10-11-2024

FortiProduct (proxy enabled) works fine, but when I create a new target as described on the admin guide and above Examples doc, it doesn't works.

I'm still new in FPAM and just beginner in troubleshooting. I'll keep you updated if I have any interesting result.

For info, since I don't have FCT EMS, I had to install FortiPAM Agent on the client, which is only available for Windows :(

AEK

KIMAN_NGOR · ‎11-07-2024

Hello Abdelkrim,

Here are some steps to troubleshooting:

1. Ensure that FortiPAM can access to the internal web portal, if case FQDN ,FortiPAM can resolve .

2. Make sure you have enabled web proxy on the interface. https://docs.fortinet.com/document/fortipam/1.4.0/examples/390911/enabling-the-web-proxy-feature

3. Create secret target & enable Web Proxy . https://docs.fortinet.com/document/fortipam/1.4.0/examples/2487/creating-a-secret-target-with-web-pr...

4. Add a secret target to your secret.

5. if FortiPAM is behind the FortiGate or other firewall vendor . https://docs.fortinet.com/document/fortipam/1.4.0/examples/168674/fortipam-behind-a-fortigate-device

6. Create DNAT on the firewall and allow all ports , do not specify only FortiPAM's port (FortiPAM's portal) .

Thanks,

FortiPAM Web launcher from WAN

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website