- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2017 09:29 AM
Hello all,
One of my customer wants to integrate ISE with a Fortinet proxy so that when a user (already authenticated on ISE) wants to navigate on internet the proxy does not prompt for user's credentials.
My understanding is ISE should send authorization session to the proxy to achieve this.
Does any one has done something similar to this?.
Thanks in advanced.
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2017 11:34 AM
This functionality is already supported by Cisco WSA. The WSA uses pxGrid to fetch SGT information for the end user accessing the internet. Fortinet would need to build a pxGrid client into their solution to download identity information from ISE.
Regards,
-Tim

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2017 11:34 AM
This functionality is already supported by Cisco WSA. The WSA uses pxGrid to fetch SGT information for the end user accessing the internet. Fortinet would need to build a pxGrid client into their solution to download identity information from ISE.
Regards,
-Tim

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2017 11:44 AM
please see several other posts on the issue with ISE sending RADIUS to Fortinet
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2017 07:27 AM
So, my question is: Can fortinet be integrated with ISE using PxGrid?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2017 07:30 AM
Have you asked fortinet if they have a PXGrid client in any of their firewalls?
Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2017 07:35 AM
No, you will need to ask them to reach out and start the process
https://www.cisco.com/c/en/us/products/security/pxgrid.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2017 07:42 AM
Thank you all for your answers, will inform the customer about it.
