With which product can I send the information of the user logged in Windows to Fortigate in the easiest way? My goal is to see which ip address belongs to which user in the logs.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @rcpdkc ,
You can use FSSO Agent or Connector Agent for that.
I use FSSO, is there an alternative software similar to NAC?
Hello @rcpdkc ,
You can use FortiNAC or FortiAuthenticator but at the end of the day, all products transmit this information to FortiGate via FSSO. Only the way they collect user information is different.
For example, while nac creates user information from authenticated users on the devices it manages, FortiAuthenticator collects user information via FortiClient or RSSO.
I noticed that Fortinac doesn't pass user information to the firewall. I can't see the user in the firewall logs even though fortinac is there. why could this be ?
Hello @rcpdkc ,
Did you integrate FortiNAC and FortiGate for FSSO information?
You can review this document on how you can integrate FortiNAC and FortiGate for FSSO. This document has good and detailed information.
On the Fortinac side, I add the device from the service connector menu, but it does not fall into the fortigate fabric connector menu.
Hello @rcpdkc ,
when I reviewed the FortiGate documents I saw two information about that.
The First one, if your FortiNac license was created before 2020 you can't do that integration.
https://docs.fortinet.com/document/fortigate/7.2.8/administration-guide/264311
The second one, the document says this feature is deprecated and replaced with a tag feature. Probably, the tag feature would not give username information to FortiGate.
then I won't get user information with fortinac. I will continue with fsso.
As per my knowledge you can do it with either FSSO, FortiClient (with EMS) or FortiNAC (with PA).
If I remember well, I did it on FNAC and FCT EMS with tags, that sends user group info to FGT and you can use them in firewall policies. I didn't double check but I think I'm not wrong.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.