Hello! After I got the FSSO working, I mean, I got authentication working in agent mode, I tested it in a small live environment to limit access to domain resources over the tunnel only for those users who had AD-authenticated. That stopped working the very next day: access to network-mapped drives was lost and ping didn't go through the tunnel. After all, I imagine that when a computer is restarted and nobody logs in, there also won't be access for domain-related communication that is initiated from the machine.
Now, is there anybody who has tried such a scenario? One thought: what if I authenticate from the other side, that is, from headquarters' side?
Or is there any alternative offered by FortiGate so that machines could be authenticated, not just users? The situation is that one of our clients has many very small and remote offices with FWF30Ds, and access to the headquarters should be limited only to domain computers. For such small places, buying HP switches that do 802.1X port authentication seems overkill.