
Authentication of VPN users from CISCO ISE

s.gupta
Level 1

Hi all,

 

Can we authenticate Fortigate VPN users from Cisco ISE, and can we do a posture check on them? If yes, can anyone help me in creating a Network Device profile for the Fortigate firewall on Cisco ISE, and how will the redirection work for users to the Client Provisioning portal on ISE?

A sooner reply will be appreciated.

 

Regards

Saurabh Gupta

3 Replies

Jason Kunst
Cisco Employee
The only known network devices to support posture AFAIK are Cisco VPN concentrators (such as the ASA) that support CoA. Change of authorization allows a session to switch states and update ACLs, VLANs or tags. It also requires a URL redirection. If running ISE 2.2+ then that might not be required.

This allows a device to come in and be evaluated before given full access.

Does Fortigate have support for these functions?

maf_1
Level 1

Hi,

I believe Fortigate does support CoA as it is RFC 5176. Please refer to the link below.
FortiOS Supported RFCs (fortinetweb.s3.amazonaws.com)

 

I too am looking to do the same. Our scenario is User -> Fortigate -> ISE (AD integrated) -> FortiAuthenticator (AD integrated, using for MFA). We have done plain authentication but need clues to implement posture.

As for URL redirect, I think that could work since Fortinet does push portals. But it would be great to know how ISE could be set up for such a thing.
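
For reference on the RFC 5176 change of authorization discussed in this thread, the following is an added example, not code from any poster, Cisco or Fortinet. It builds a CoA-Request and shows the authenticator check a receiving network device performs before acting on it; the shared secret, user name, session ID and Filter-Id value are constructed, and which attributes a given device honours is vendor-specific.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43                                   # RFC 5176 packet code
USER_NAME, FILTER_ID, ACCT_SESSION_ID = 1, 11, 44  # RFC 2865/2866 attribute types

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
SAMPLE_ATTRS = [(USER_NAME, b"vpn-user"),
                (ACCT_SESSION_ID, b"0A000001-0000002A"),
                (FILTER_ID, b"POSTURE-COMPLIANT")]


def build_coa_request(ident, attrs, secret):
    """Server side: authenticator = MD5(code+id+len + 16 zero bytes + attrs + secret)."""
    body = b""
    for atype, value in attrs:
        if not 1 <= len(value) <= 253:
            raise ValueError("attribute value must be 1..253 bytes")
        body += struct.pack("!BB", atype, len(value) + 2) + value
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body


def parse_coa_request(packet, secret):
    """Device side: return the attribute list only if the packet is a
    well-formed CoA-Request whose authenticator verifies, else None."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length < 20 or length > len(packet):
        return None
    packet = packet[:length]              # bytes past Length are padding
    body = packet[20:]
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None                       # wrong secret or modified packet
    attrs, i = [], 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            return None                   # malformed TLV
        attrs.append((body[i], body[i + 2:i + body[i + 1]]))
        i += body[i + 1]
    return attrs
```
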