Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Marcos_FDS1012
Contributor

Using the Fortinet Single Sign On Agent Configuration from Headquarters

Good morning , guys I have fortigate in my headquarters , and now I'm going to close a VPN between this headquarters and branch , the question and I believe not but it does not hurt to ask with this tunnel I can use Fortinet Singles Sing On agent configuration that is in my AD . Or will I have to create Webfilter and application Control separately for this firewall ?

1 Solution
ebilcari
Staff
Staff

Are the PCs in the branch part of the same domain/AD? Both FGTs can have all the FSSO sessions that ca be used in the policies.

Will the branch tunnel all traffic to HQ or you will need the FSSO session also in the branch FGT policies?

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

5 REPLIES 5
ebilcari
Staff
Staff

Are the PCs in the branch part of the same domain/AD? Both FGTs can have all the FSSO sessions that ca be used in the policies.

Will the branch tunnel all traffic to HQ or you will need the FSSO session also in the branch FGT policies?

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Marcos_FDS1012

Hello,

I will explain better, today I have in my F60 fortigate matrix where I have Fortinet Singles Sing On agent configuration this working perfect, I made the purchase of another F60 I will close an IPSec VPN between the two, the doubt when closing the VPN I can get the information of this Fortinet Singles Sing On agent configuration that is in the matrix? Do I need to do any additional configuration on the Fortinet Singles On agent configuration in my branch?

ebilcari

Is the 'matrix' the translation of 'Security Fabric'? If the branch will be part of the Fabric even though over an IPSEC tunnel, it should synchronize the FSSO settings with the downstream FGT.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Marcos_FDS1012

After the tunnel is closed, I need to configure FSSO on the branch firewall, is that it? And fetch the information from my AD on the other end?

ebilcari

Yes that can also be configured directly on the branch FGT if that is not going to be part of the Fabric as downstream node.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors