I'm using Forticlient EMS 7.2.4 and Fortigate 42000F 7.0.12 (on-prem). Currently all our policy rules are the traditional system to system or area to area type i.e.
I'm looking for a modern approach where I can govern network level access from system to system based on the user initiating the traffic. For example, if I have a support person working on shared laptop I would like to them to be able to get to back-end SystemA but not neccessarily another user that might user the same laptop from time to time.
I assume this is a ZTNA type solution but wondering if my existing stack/kit would already have this capabilty?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
FSSO is probably the easiest way to do this. You can allow access transparently, based on the AD user or group. See this document for a bit more details: https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/450337/fsso
Hi,
To implement user-centric policies on FortiGate using FortiClient EMS and FortiGate 4200F, you can leverage Zero Trust Network Access (ZTNA) features. Here's how you can achieve this:
1. **Zero Trust Network Access (ZTNA)**: ZTNA allows you to control network access based on user identity and device posture, rather than just IP addresses. This aligns with your requirement for user-specific access control.
2. **FortiClient EMS Integration**: Ensure that your FortiClient EMS is properly integrated with your FortiGate 4200F to manage user identities and access policies centrally.
3. **User Tagging**: Utilize user tagging in FortiClient EMS to assign specific security posture tags to users based on their roles or permissions. For example, you can tag support personnel differently from other users.
4. **Policy Configuration**: Configure firewall policies on your FortiGate 4200F that consider the security posture tags assigned to users. This way, you can control access based on user identity and device classification.
5. **Testing and Monitoring**: Test the user-centric policies to ensure they function as intended. Monitor traffic and access logs to verify that only authorized users can reach specific backend systems.
By implementing ZTNA and user-centric policies, you can enhance security and control access based on user identity, providing a more modern and granular approach to network access control.
Thanks @sjoshi and @johnathan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.