Solved: Re: ISE integration with Third Party Proxy

ecanogut · ‎08-29-2017

Hello all,

One of my customer wants to integrate ISE with a Fortinet proxy so that when a user (already authenticated on ISE) wants to navigate on internet the proxy does not prompt for user's credentials.

My understanding is ISE should send authorization session to the proxy to achieve this.

Does any one has done something similar to this?.

Thanks in advanced.

Timothy Abbott · ‎08-29-2017

This functionality is already supported by Cisco WSA. The WSA uses pxGrid to fetch SGT information for the end user accessing the internet. Fortinet would need to build a pxGrid client into their solution to download identity information from ISE.

Regards,

-Tim

View solution in original post

Timothy Abbott · ‎08-29-2017

This functionality is already supported by Cisco WSA. The WSA uses pxGrid to fetch SGT information for the end user accessing the internet. Fortinet would need to build a pxGrid client into their solution to download identity information from ISE.

Regards,

-Tim

Jason Kunst · ‎08-29-2017

please see several other posts on the issue with ISE sending RADIUS to Fortinet

https://communities.cisco.com/search.jspa?q=ise+fortinet

ecanogut · ‎08-30-2017

So, my question is: Can fortinet be integrated with ISE using PxGrid?

gbekmezi-DD · ‎08-30-2017

Have you asked fortinet if they have a PXGrid client in any of their firewalls?

Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.

Jason Kunst · ‎08-30-2017

No, you will need to ask them to reach out and start the process

https://www.cisco.com/c/en/us/products/security/pxgrid.html

ecanogut · ‎08-30-2017

Thank you all for your answers, will inform the customer about it.