Cisco | Identity Services Engine (ISE) - Forti Firewall
1. Configure switch SW-GW (R2)
interface ethernet 0/2
 description Link-to FW-forti
 switchport mode access
 switchport access vlan 100
 no shutdown
!
2. Download the Palo and Forti firewall dictionaries
3. Policy | Policy Element | Dictionary | Radius Vendor
4. Then
5. Then
6. Then, the result shows that the Forti module import has succeeded
8. Then, the result
9. Then
10. Then
11. Then, create the Admin-Group and Support-Group profiles
Then...
12. Device Admin-PolicySet
Then...
Stage III
1. Configure the firewall (management IP)
config system global
    set hostname FW-FORTI-01
    set timezone 53
end
config system interface
    edit port1
        set mode static
        set ip 192.168.100.220/24
        set allowaccess ping http fgfm https ssh
    next
end
config user tacacs+
    edit "TACAS-SRV"
        set server "192.168.100.210"
        set key Test123
        set authen-type pap
        set authorization enable
    next
end
2. Create AdminGroup and Support Group
3. The result
4. Admin Profile
5. AdminGroup and Support Group
6. Configure the override in the FortiGate CLI
Done.
VERIFICATION:
Log in to the Forti using a user that exists on the AD server.
=========================================================
Forti configuration
config system global
    set hostname FW-FORTI-01
    set timezone 53
end
config system interface
    edit port1
        set mode static
        set ip 192.168.100.220/24
        set allowaccess ping http fgfm https ssh
    next
end
config user tacacs+
    edit "TACAS-SRV"
        set server "192.168.100.210"
        set key Test123
        set authen-type pap
        set authorization enable
    next
end
--------------
config system admin
    edit admin1
        set accprofile-override enable
    next
end
config system admin
    edit support1
        set accprofile-override enable
    next
end
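Added example (not part of the original post and not Cisco or Fortinet tooling): a small Python check that parses flat FortiOS CLI blocks like the ones above and reports the settings this lab depends on or exposes. The function names, the 16-character key threshold and the sample text (in which support1 deliberately lacks the override) are assumptions made for illustration.

```python
import shlex
# Constructed sample modelled on this walkthrough; support1 lacks the override on purpose.
SAMPLE = '''
config system interface
    edit port1
        set allowaccess ping http https ssh
    next
end
config user tacacs+
    edit "TACAS-SRV"
        set key Test123
    next
end
config system admin
    edit admin1
        set accprofile-override enable
    next
    edit support1
    next
end
'''

def parse(text):
    """Parse flat (non-nested) FortiOS blocks into {section: {entry: {option: [values]}}}."""
    cfg, section, entry = {}, None, ""
    for line in text.splitlines():
        tok = shlex.split(line) or [""]          # shlex strips the quotes around names
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), ""
        elif tok[0] == "edit":
            entry = tok[1]
            cfg.setdefault(section, {}).setdefault(entry, {})
        elif tok[0] == "set":                    # entry "" holds options set outside an edit
            cfg.setdefault(section, {}).setdefault(entry, {})[tok[1]] = tok[2:]
    return cfg

def audit(cfg, min_key_len=16):
    """Return findings as strings; min_key_len is an assumed policy threshold."""
    out = []
    for name, o in cfg.get("system interface", {}).items():
        for p in sorted({"http", "telnet"} & set(o.get("allowaccess", []))):
            out.append(f"interface {name}: unencrypted management protocol {p}")
    for name, o in cfg.get("user tacacs+", {}).items():
        if len(o.get("key", [""])[0]) < min_key_len:
            out.append(f"tacacs+ {name}: shared key under {min_key_len} characters")
    for name, o in cfg.get("system admin", {}).items():
        if o.get("accprofile-override") != ["enable"]:
            out.append(f"admin {name}: accprofile-override not enabled")
    return out
```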