
Cisco ISE and Fortigate

fgatto
Level 1

Hi guys,

I finally found a square for captive portal configuration on ISE.

Now, I need to make the software communicate with different networks. Let me explain: my company has 3 locations and I would like to implement the ISE solution on all 3, but without having to install the software in each of them. Therefore, I thought of using the FortiGate FW as a bridge. How can I make Cisco ISE and FortiGate communicate?

I look forward to your suggestions.

Thanks for the support

Accepted Solutions

Hi

If you want to make the ISE guest portal available on your three different sites, all you need to do is allow communication to the ISE IP address.

You can use MPLS to interconnect the locations (expensive) or you can use VPN (cheaper) with internet links. The FortiGate can be used to establish the VPN tunnel between locations.


4 Replies


Hi Flavio,

As per your suggestion, I would like to use VPN for the connection. Is a mini-guide available on how to proceed?

Thanks a lot

Hello @fgatto

There are probably plenty of guides and videos on how to set up a site-to-site VPN with FortiGate, but honestly, I have no experience with this firewall in particular. Here is an example:

https://www.youtube.com/watch?v=MHfjI13WiNI

But again, if your intention is only to make the guest portal available to your users at the different locations (apparently today they are separate locations, right? With no interconnection in between?), another option would be to create a DMZ on the site where the ISE is installed and then allow access to the portal from the internet.

You can create a DNS entry for the portal pointing to a public IP address and a NAT on the firewall pointing to your ISE portal IP address.

On each site, you need to permit users to connect to your guest network and be redirected to this guest portal through the internet. Which means you need to allow the guest users to access that public IP address from the guest network.

It would work like many other cloud captive portals available on the internet. The only difference is that you manage the RADIUS server.
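The DMZ and NAT option described in the reply above, sketched as FortiOS CLI configuration for the firewall in front of ISE. This is an added example, not part of the original thread and not a tested setup from any participant; the interface names, all addresses and the portal port 8443 are assumptions to replace with your own values. It forwards only the portal port and only from the other sites' egress addresses, so no other service on the ISE node is exposed.

```fortios
# Added example with constructed values (documentation address ranges):
#   wan1 / dmz      assumed interface names
#   203.0.113.10    public IP that the portal DNS name resolves to
#   10.10.50.20     ISE node hosting the guest portal, placed in the DMZ
#   8443            assumed portal port; use the port set on your ISE portal
#   198.51.100.1, 192.0.2.1  public egress IPs of the two remote sites

config firewall address
    edit "site2-egress"
        set subnet 198.51.100.1 255.255.255.255
    next
    edit "site3-egress"
        set subnet 192.0.2.1 255.255.255.255
    next
end
config firewall addrgrp
    edit "remote-guest-sites"
        set member "site2-egress" "site3-egress"
    next
end
config firewall service custom
    edit "ISE-GUEST-PORTAL"
        set tcp-portrange 8443
    next
end
# Destination NAT: one public port to the same port on the ISE node only
config firewall vip
    edit "ise-guest-portal-vip"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.10.50.20"
        set portforward enable
        set protocol tcp
        set extport 8443
        set mappedport 8443
    next
end
config firewall policy
    edit 0
        set name "remote-guests-to-ise-portal"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "remote-guest-sites"
        set dstaddr "ise-guest-portal-vip"
        set service "ISE-GUEST-PORTAL"
        set schedule "always"
        set action accept
        set logtraffic all
    next
end
```

RADIUS traffic from the remote network devices to ISE is not covered by this fragment and would still need its own path, such as the site-to-site VPN mentioned earlier in the thread.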

Rodrigo Diaz
Cisco Employee

@fgatto, you will first have to verify whether the versions of FortiGate and ISE are documented as supported. Depending on the version, you can find third-party NADs tested and verified, as in the following link: https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/compatibility/b_ise_sdt_26.html