FortiGate Firewall: Why use Fortinet Single Sign On (FSSO)? What are the benefits!
HTML-код
- Опубликовано: 24 июл 2024
- Continuing on from previous videos we explain why it's important to use Fortinet Single Sign-On (FSSO) in doing so you are creating a link between your Active Directory environment and your Next Generation Firewall Appliance (NGFW) once you do this your logs won't look so messy and you will be able to build out really granular security policies and the Users and Groups you create within your AD environment will be understood by the FortiGate firewall.
// Time Stamps //
00:00 - Video Introduction / Reference to previous videos
01:10 - What does FSSO do?
01:40 - Bad example (No FSSO)
02:40 - Good FSSO Example
03:32 - Channel update how you can help me?
04:17 - Security Fabric Connector (Pulling groups from AD)
04:54 - Using these groups in Firewall Policy
07:14 - Why it is super important from a logging prospective
08:02 - How can FSSO be deployed?
08:52 - FortiClient and the FSSOMA
10:18 - FortiAuthenticator licencing around FSSOMA
10:54 - Video summary
// Chris SOCIAL //
/ chris-eddisford-5b676462
// Keywords //
Fortinet
FortiGate
Fortinet Single Sign On (FSSO)
Fortigate Firewall Configuration
Automation
Notification
Fortinet Fabric
Fortinet how to
Fortinet guide
Fortinet network security
Cybersecurity
// HashTags //
#cybersecurity
#networking
#fortinet
![Young Nudy - John Wayne (feat. Metro Boomin) [Official Video]](http://i.ytimg.com/vi/NY8HnYYo2fo/mqdefault.jpg)
Subscribed - great video
Awesome, thank you!
Thank you for the video
Your very welcome. Let me know if there is anything specific you’d like to see.
Hi again@@FortiBytes
I would love to see ZTNA videos more, from basic configuration steps on Fortigate and FortiEMS rule creation
@@buraksahin7297 it’s very much on the list. I’m having to take a very short break for this week because I have a couple of nse7 exams I need to take before the changes in October. I do have a ztna video -
ruclips.net/video/j--ScI16zGM/видео.html but I plan on doing another because it’s highly requested.
Subscribed mate 😀
Thanks Oliver!
Great video. Just so I have everything clear. I watched the whole series. You need FAC to build this Azure AD integration right?
I sometimes struggle to explain why people need a FAC. Because the fgt supports SSO right? Is it because with FSSO the authentication part happens automatically and with SSO it needs a trigger?
I believe you can also import groups with only SSO right (without FAC)? Thanks again mate. Its been a while since a new video. Anything in the works?
Hey mate, at the moment for the Azure AD integration it appears you need FortiAuthenticator hopefully that changes in the future. As we all know that for Native AD integration you can just poll directly from the FortiGate.
New video has just dropped today I have been on holiday and had to rush another NSE7 for partnership status. Now that both are out of the way there should be a couple of videos a week moving forward. I think the next ones will have something to do with ADVPN including public cloud deployments and FortiManager as the amount of videos around getting the best out of manager including using variables and templates is seriously lacking! Thanks for reaching out let me know if there is anything specific you’d like to see!
Thank you so much for the video.. Can you please make a videos on FAC as well? How to integrate tacacs, saml,? How cert worke like this kind of videos?
Thank you for reaching out! Yes sure I need to get myself a new FAC license but then I will add it to the list I recommend the Azure AD FSSO video also FAC is an amazing product.
@@FortiBytesi appreciate all your contents.. Keep it up..
Your welcome
Do you run into issues where there are too many AD groups for the firewalls to import, like in the hundreds-thousands that dont really apply to your firewall policies?
Hi Greg you’re able to filter what groups you’re interested in. But it’s a good question if a company has that many groups then I’d suggest that FortiAuthenticator would be the better product for the job.
Thank you for responding so quickly @@FortiBytes ! We have a FAC but I've been having a lot of difficulty with trying to filter out all the domain groups we're not interested in.
Thanks @@FortiBytes, I'm trying to filter based on an expression. Ex: Any groups that start with "fw-" instead of selecting each new group as they get created. I dont want irrelevant groups like "KB-user" getting downloaded to the fortigates unnecessarily. The pie charts on user dashboards for group memberships look extremely cluttered with all the fw policy irrelevant groups.
I’m not sure if that’s possible I’ll take a look and come back to you if I find anything!