Hot!How to enable user auth for Explicit Web Proxy in 5.6?

Author
jacob.shaw
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/02/26 11:28:01
  • Status: offline
2018/02/26 11:29:19 (permalink) 5.6
0

How to enable user auth for Explicit Web Proxy in 5.6?

How do we go about enabling user authentication for the Explicit Web Proxy in 5.6? The steps and CLI option for <=5.4 aren't showing up in 5.6.
 
Thanks!
#1

6 Replies Related Threads

    emnoc
    Expert Member
    • Total Posts : 4989
    • Scores: 306
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: How to enable user auth for Explicit Web Proxy in 5.6? 2018/02/26 14:23:20 (permalink)
    0
    I don't they changed to  much in v5.6.x  but are you using  local  user or a remote-auth  group?
    Did you check under network explicit proxy ?
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #2
    jacob.shaw
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/02/26 11:28:01
    • Status: offline
    Re: How to enable user auth for Explicit Web Proxy in 5.6? 2018/02/26 15:58:02 (permalink)
    0
    emnoc
    I don't they changed to  much in v5.6.x  but are you using  local  user or a remote-auth  group?

     
    I'm trying to use it with remote-auth to LDAP/AD
     

    Did you check under network explicit proxy ?



    There is nothing under Network->Explicit Web Proxy to specify or turn on auth.
     
    The best documentation I can find is the following, which isn't making any sense to me whatsoever:
     
    http://help.fortinet.com/...y%20Authentication.htm
    #3
    HA
    Gold Member
    • Total Posts : 143
    • Scores: 6
    • Reward points: 0
    • Joined: 2010/09/19 07:10:45
    • Location: Luxembourg
    • Status: offline
    Re: How to enable user auth for Explicit Web Proxy in 5.6? 2018/02/26 23:49:12 (permalink)
    0
    Hi,
     
    Once again, they decided to change the rule !
    Everything has been moved to CLI , what a beautiful idea !!
    Hey guys wake up, Move it back to the GUI !
     
    HA
    #4
    jacob.shaw
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/02/26 11:28:01
    • Status: offline
    Re: How to enable user auth for Explicit Web Proxy in 5.6? 2018/02/27 09:20:56 (permalink)
    0
    Can somebody provide a usable example? The documentation is in English, but it's not making any sense to me at all and does not seem actionable.
     
    Edit: to elaborate, I want to have an Explicit Web Proxy listening on our outside interface with authentication enabled (backend is LDAP/Active Directory, but could be RADIUS, if that's easier). This is so our student devices (iPads and soon Chromebooks) outside our school district network can still be web filtered.
    post edited by jacob.shaw - 2018/02/27 09:44:00
    #5
    moby
    Bronze Member
    • Total Posts : 55
    • Scores: 0
    • Reward points: 0
    • Joined: 2004/08/20 15:07:52
    • Status: offline
    Re: How to enable user auth for Explicit Web Proxy in 5.6? 2018/03/01 07:04:20 (permalink)
    0
    Hi Jacob,
     
    Just posting to say I agree with you. I upgraded from 5.4 where the explicit proxy was working without any problems with LDAP authentication. When I upgraded to 5.6 it broke, I also tried to make some sense of the docs for the changes in authentication and how it should now work, but so far I don't have a working solution, downgraded to 5.4 again and will lab it next week. Maybe a slightly different problem to yours as I am using form based authentication with a customised login page, but the documentation is bad, and really it should just work the same when you upgrade.
     
    Moby.
    #6
    ramiro.costa
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/08/24 11:06:29
    • Status: offline
    Re: How to enable user auth for Explicit Web Proxy in 5.6? 2018/08/24 11:14:21 (permalink)
    0
    Please do the following if you are using single sign on (FSSO). Note that I´m using an agent to collect information from the Ldap server.
     
    **** Configure authentication scheme first ( created an scheme named novosso ) ****
    BORDA # config authentication scheme
    BORDA (scheme) # edit novosso
    new entry 'novosso' added
    BORDA (novosso) # set method fsso
    BORDA (novosso) # end
    BORDA #
     
    **** Configure the rule, point the rule to the scheme you just created ****
    BORDA # config authentication rule ( created a rule called regrasso and pointed to the sso method called novosso )
    BORDA (rule) # edit regrasso
    new entry 'regrasso' added
    BORDA (regrasso) # set status enable
    BORDA (regrasso) # set protocol http
    BORDA (regrasso) # set srcaddr all
    BORDA (regrasso) # set sso-auth-method novosso
    BORDA (regrasso) # next
    BORDA (rule) # end
    BORDA #
     
     
    #7
    Jump to:
    © 2018 APG vNext Commercial Version 5.5