Hi.
We are running Cisco SDA/DNA on our infrastructure and a FortiGate as our firewall.
Got the Cisco ISE and FortiManager pxgrid working with no problem, but before I got the pxgrid connector I had the Fortinet FSSO DC agent on your DCs and an FSSO server sending the logon event to the FortiGate so I could create user-based policies.
But now I have a problem, as I can see the FSSO entry on the FortiGate uses the IP address as the unique ID, and e.g. my IP gets the pxgrid "tag group" and then the FSSO server overrides the "tag group" with another, so the policies I created with the pxgrid groups don't get hit.
Can I only have 1 FSSO entry? So only pxgrid or FSSO agent (I was thinking about buying FortiAuthenticator for the FortiClient agent), but if I can only have 1 FSSO entry there's no need.
That's an issue for me because I would like to use pxgrid to allow/deny traffic to specific Cisco SGT groups and would also like to use AD groups for policies.
Hope you can help me clarify this issue.
Morten
Hi @mmjo,
Have you configured the pxgrid connector on FortiManager? Please refer to https://docs.fortinet.com/document/fortimanager/7.4.2/administration-guide/466394/creating-cisco-pxg...
The FSSO agent gets group information from the DC and sends it to FortiGate. If you are using the pxgrid connector and not using the FSSO agent anymore, you can remove it.
Regards,
Yeah, I know, but my question was whether I could use both. Right now I only get the pxgrid group in the logs, and not the user, so all my logs for a pxgrid network are from the same FSSO user.
And now I'm not able to make user-based policies with AD groups.