Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Fortinet Security Fabric/FSSO Integration

    Home FortiNAC-F 7.2.0 Fortinet Security Fabric/FSSO Integration
    7.2.0
    7.2.0

    What it Does

    What it Does

    Fortinet Single Sign-On (SSO) is the authentication protocol by which users can transparently authenticate to FortiGate. FortiNAC acts as a Collector Agent: It collects and compiles information about user logons. The information is sent to the FortiGate in the form of Logon and Logoff events. These events contain:

    • Device Information: IP address

    • User information: User ID or MAC address (if no User ID)

    • User Group Filter: FortiNAC User Group, Host Group or Firewall Tag

    Logon/logoff event information: dynamic, real-time information the FortiGate learns and uses to dynamically match against policies and set up connections internally so the user is known without prompting them to log on again.

    Logon event triggers:

    • “Registered” device connect

    • User logon

    • IP change

    • Device status change

    Logoff event triggers:

    • User logoff

    • Device disconnect

    FortiGate creates one or more log entries for this logon/logoff events as appropriate.

    When a user tries to access network resources, the FortiGate unit can use the firewall user list to match a firewall policy with a source group as criterion. If the IP address is known along with the user information and User Group, the policy can be matched.

    Optional: Traffic from endpoints connecting to unmanaged network infrastructure can be controlled at the FortiGate. Requires FortiNAC Persistent Agent to be installed. For details see Unknown Location Endpoint Management in the Appendix.

    FortiNAC v9.2.2/FOS v7 and greater: SSO information is sent over TCP 8013.

    All other versions: SSO information is sent over TCP port 8000.

    For more information on SSO, see the FortiOS documentation at docs.fortinet.com.

    Previous
    Next

    What it Does

    What it Does

    Fortinet Single Sign-On (SSO) is the authentication protocol by which users can transparently authenticate to FortiGate. FortiNAC acts as a Collector Agent: It collects and compiles information about user logons. The information is sent to the FortiGate in the form of Logon and Logoff events. These events contain:

    • Device Information: IP address

    • User information: User ID or MAC address (if no User ID)

    • User Group Filter: FortiNAC User Group, Host Group or Firewall Tag

    Logon/logoff event information: dynamic, real-time information the FortiGate learns and uses to dynamically match against policies and set up connections internally so the user is known without prompting them to log on again.

    Logon event triggers:

    • “Registered” device connect

    • User logon

    • IP change

    • Device status change

    Logoff event triggers:

    • User logoff

    • Device disconnect

    FortiGate creates one or more log entries for this logon/logoff events as appropriate.

    When a user tries to access network resources, the FortiGate unit can use the firewall user list to match a firewall policy with a source group as criterion. If the IP address is known along with the user information and User Group, the policy can be matched.

    Optional: Traffic from endpoints connecting to unmanaged network infrastructure can be controlled at the FortiGate. Requires FortiNAC Persistent Agent to be installed. For details see Unknown Location Endpoint Management in the Appendix.

    FortiNAC v9.2.2/FOS v7 and greater: SSO information is sent over TCP 8013.

    All other versions: SSO information is sent over TCP port 8000.

    For more information on SSO, see the FortiOS documentation at docs.fortinet.com.

    Previous
    Next