Scenario: Small office with users and no AD-Domain.
Is it possible to have a local agent installed (FortiClient? Anything else?) on each computer, logged in with a username/password, and have that information sent to the FortiGate when accessing rules etc., instead of manually having to log on to the captive portal every day?
The end goal is to enter the username/password once on each computer and identify the users automatically.
Any input appreciated!
Hi dontmindme,
In case you do not have a centralized solution for user authentication, I'm afraid there is not much that can be done to fulfill your requirement.
The easiest way of doing this would be to:
1. Deploy AD and join all PCs to the domain
2. Configure a local FSSO poller on the FortiGate.
3. Use the FSSO groups in the appropriate policies.
As a result - the user logged in to his PC will generate a logon event on the AD.
That logon event will be polled by the local FSSO poller, and the logon event for that user will be generated on the FortiGate.
Regards,
So from your description I would assume you have to integrate an authentication source, like FortiAuthenticator, LDAP, AD or RADIUS with NPS, and/or a Certification Authority for cert-based authentication. Maybe, if the customer is using Azure AD for its O365 services, the SAML auth feature may be a solution...?
FCNSA 5, FCNSP 5, NSE 4
OK, it seems that this is not a workable solution then. The computers are stand-alone and I was looking for a solution to authenticate the users in another way than the captive portal. Setting up an AD for the purpose and joining the computers is an overkill solution for a simple local setup.
Sadly accepting this as a solution.
Thank you!