08-29-2017 09:29 AM
Hello all,
One of my customer wants to integrate ISE with a Fortinet proxy so that when a user (already authenticated on ISE) wants to navigate on internet the proxy does not prompt for user's credentials.
My understanding is ISE should send authorization session to the proxy to achieve this.
Does any one has done something similar to this?.
Thanks in advanced.
Solved! Go to Solution.
08-29-2017 11:34 AM
This functionality is already supported by Cisco WSA. The WSA uses pxGrid to fetch SGT information for the end user accessing the internet. Fortinet would need to build a pxGrid client into their solution to download identity information from ISE.
Regards,
-Tim
08-29-2017 11:34 AM
This functionality is already supported by Cisco WSA. The WSA uses pxGrid to fetch SGT information for the end user accessing the internet. Fortinet would need to build a pxGrid client into their solution to download identity information from ISE.
Regards,
-Tim
08-29-2017 11:44 AM
please see several other posts on the issue with ISE sending RADIUS to Fortinet
08-30-2017 07:27 AM
So, my question is: Can fortinet be integrated with ISE using PxGrid?
08-30-2017 07:30 AM
Have you asked fortinet if they have a PXGrid client in any of their firewalls?
Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.
08-30-2017 07:35 AM
No, you will need to ask them to reach out and start the process
https://www.cisco.com/c/en/us/products/security/pxgrid.html
08-30-2017 07:42 AM
Thank you all for your answers, will inform the customer about it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide