We have a lot of customers with these two vendors and this type of integration can add value to our work, but I cannot find any doc that explains HOW TO deploy this type of scenario/integration ...
Is it only a marketing doc, or is there a real integration behind this partnership?
Has someone already made something similar?
Of course there is a lot of technology behind the integration on both ends = Forti and Extreme.
I do have several happy customers (small and big also).
I suggest you contact an Extreme Value Added Partner/reseller or an Extreme representative to demonstrate/test/implement the solution.
The list of partners is available on our corporate website.
Unfortunately the implementation can be very complex and also very simple (based on the network equipment).
If you need a standalone document, you can use the previous version published here:
Just note that since Extreme Control 7.0 the installation comes pre-installed with Extreme Control and you don't need to install it manually.
For a dynamic response scenario, we are developing a generic DIPS plugin probably for the end of the year.
To deploy a dynamic response scenario with Fortinet you must configure the DIPS feature for Palo Alto and configure the Fortinet firewall to send syslog messages with the format defined in the PaloAlto plugin.
I'm Luca, I'm working with Roberto on the Fortigate integration.
I have read the Palo Alto document, but there is a big issue: Palo Alto devices integration is done using XML API (User API) but Fortigate integration should be done using RSSO (Radius SSO).
We have to configure a "remote" Radius user group.
I'm reading the "old" One Fabric Connect install document, but it has some omissions: the first one is how to tell the NAC Radius server to consider the Fortigate as a client. Now I will try to add it as a switch.
Have you got any suggestions?
Just follow the installation guide. The Fortigate must be configured: management center (NetSight) as Radius server with the correct shared secret.
From the terminology point of view the Fortigate is the Radius accounting server and the management center is a Radius accounting client. But the place where you configure it in the Fortigate GUI is a little bit confusing.
Thank you for the reply.
Really, I'm a little confused about the Extreme side of the configuration steps.
I think that (first of all) I have to add the FG to the NAC switches: I think that this step will add the firewall to the list of Radius clients. Good, but the Fortigate will not do Radius authentication sessions. The Fortigate should receive accounting information from the NAC, so I have to configure the NAC to send accounting info.
Where and how can I configure the NAC to send Accounting info to the fortigate?
Thank you very much, I think that now I'm understanding.
The bad news is that I cannot do it without OneFabric Connect, which requires an Advanced license.
Is this correct?
Is it possible to inform the Fortigate about connected users without using OneFabric Connect?
Thank you very much for the time spent,
have a nice weekend,
Could you please answer me: is the integration between NMS-ADV and Fortinet (FG-600D in my case) possible without NAC?
I've found two articles:
But they are old and maybe something has changed?
The integration gives two benefits:
Inform the firewall about the user-ip or location & user-ip mapping. For this we need NAC (Extreme Control).
If the firewall/ips/anti-anything detects a security issue then it sends a syslog/trap to NetSight (Extreme Management) and management performs a reaction. This can be done through ASM (Automated Security Manager) or through NAC.
ASM is available with NetSight version 7. Actually there is no plan to support ASM in the NetSight / EMC version 8.
There are some limits on what ASM can do and in what network.
The sales answer to your question is: you do not need NAC for the integration to work. But with NAC it is much more powerful and much easier and flexible.