Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3645
Views
0
Helpful
4
Replies

Cisco ISE & Fortigate ( User based policy)

Go to solution
Nick Mavrou
Level 1
Level 1

‎10-24-2022 02:36 AM

Hi Guys,

I have an implantation which requires a Fortigate FW to recognize a user when it is connecting to WiFi over dot1x. The radius server is Cisco ISE and the external ID I am using is an MS Active Directory. The whole communication between the client and the Cisco ISE happens over certificates, so all good here. Is it any way the fortigate to be able to see that and then perform a firewall policy based on user? In other words, is a way an external device to see that log in Cisco ISE and perform custom actions?

Many Thanks

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎10-24-2022 02:38 AM - edited ‎10-24-2022 02:39 AM

@Nick Mavrou yes, you can use pxgrid between ISE and FortiManager to exchange user/IP mappings for use in firewall rules.

https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/610138/cisco-pxgrid-ise

 

View solution in original post

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Nick Mavrou

‎10-24-2022 04:25 AM - edited ‎10-24-2022 04:31 AM

@Nick Mavrou yes it works with users authenticated by ISE from external identity store such as AD, LDAP etc.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎10-24-2022 02:38 AM - edited ‎10-24-2022 02:39 AM

@Nick Mavrou yes, you can use pxgrid between ISE and FortiManager to exchange user/IP mappings for use in firewall rules.

https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/610138/cisco-pxgrid-ise

 

0 Helpful

Go to solution
Nick Mavrou
Level 1
Level 1
In response to Rob Ingram

‎10-24-2022 03:57 AM

@Rob Ingram Nice thank you very much. Quick question though, the example shows for local users in ISE. Do you know if this doable with using identities/users from AD?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Nick Mavrou

‎10-24-2022 04:25 AM - edited ‎10-24-2022 04:31 AM

@Nick Mavrou yes it works with users authenticated by ISE from external identity store such as AD, LDAP etc.

0 Helpful

Go to solution
j656
Level 1
Level 1

‎10-12-2023 12:12 PM

Did you ever get this to work?  We are looking at doing the something Fortimanager sees the groups, but does not see any users.

0 Helpful
Top