Configuring FortiGate Firewall

The FortiGate firewall detects traffic from an endpoint that matches a configured security policy using the FortiAuthenticator FSSO record. It determines the role(s) associated with that user, and allows or denies the traffic based on the actions configured in the security policy.

To configure FortiGate firewall:

  1. Create the FortiAuthenticator as an FSSO agent in the FortiGate Firewall. Select User & Device >Single Sign-On and click Create New and enter the following data.
    • Type: Fortinet Single-Sign-On Agent
    • Name: Enter a name for the entry
    • Primary Agent IP/Name:  Enter the IP address of the FortiAuthenticator appliance, and the password* used to communicate with it.

    *This is the same as the secret key configured on FortiAuthenticator in the Fortinet SSO Methods > General section.

    • Click Apply & Refresh to test your configuration. If correct, the users /groups area will automatically populate

    Figure 141: Creating Single Sign on Server

  1. Create matching User groups. Select User & Device > User Groups. Click create New and enter the following data:
    • Name- Enter the name of the group. This name will appear in the firewall policy.
    • Type- Select Fortinet Single Sign-On as type.
    • Select the matching User group created on FortiAuthenticator and Click OK.

    Figure 142: Creating User Groups

  1. Create a firewall policy to use the PPS enforcement groups just created. Select Policy & Objects > IPv4 Policy. Click Create New and create the policy based on the resource access restrictions to be enforced.

    Figure 143: Creating Firewall policies