Deployment of IPS using FortiGate Firewall
This section describes the integration of Ivanti Policy Secure (IPS) with the FortiGate firewall.
The authentication process is described below:
- The user is authenticated on IPS after the host check policy is validated to ensure that the endpoint meets the corporate policy.
- IPS learns the endpoint IP address using RADIUS accounting (L2) or an L3 connection.
- The user ID, IP address and role(s) are provisioned to the firewall.
- Ivanti Policy Secure shares the user ID, IP address and role information with the FortiGate firewall in the form of a RADIUS accounting packet.
- The FortiGate firewall maps the user to a specific security policy and then provides the required access.
If multiple firewall devices are configured, the user's information is provisioned to all of the devices. The user's information is sent to a firewall only if the user's role requires the session to be provisioned.
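
The RADIUS accounting packet in the steps above is what the firewall trusts for its user-to-IP-to-role mapping, so the receiver should verify the RFC 2866 Request Authenticator before acting on it. The following is an added example, not code from Ivanti or Fortinet. It assumes the role is carried in the Class attribute (the page does not name the attribute), and the function names, shared secret and sample values are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

ACCOUNTING_REQUEST = 4
USER_NAME, FRAMED_IP, CLASS, ACCT_STATUS_TYPE = 1, 8, 25, 40

def build_accounting_request(ident, secret, user, ip, role):
    """Build an RFC 2866 Accounting-Request (Start) from constructed data."""
    def attr(t, v):
        return struct.pack("!BB", t, len(v) + 2) + v
    attrs = (attr(ACCT_STATUS_TYPE, struct.pack("!I", 1))
             + attr(USER_NAME, user.encode())
             + attr(FRAMED_IP, socket.inet_aton(ip))
             + attr(CLASS, role.encode()))  # assumption: role sent in Class
    head = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(header + 16 zero octets + attrs + secret)
    auth = hashlib.md5(head + b"\x00" * 16 + attrs + secret).digest()
    return head + auth + attrs

def parse_accounting_request(packet, secret):
    """Verify the authenticator, then return the user/IP/role mapping."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + b"\x00" * 16 + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad authenticator: wrong secret or altered packet")
    out, i = {"roles": []}, 0
    while i < len(attrs):
        l = attrs[i + 1] if i + 1 < len(attrs) else 0
        if l < 2 or i + l > len(attrs):
            raise ValueError("malformed attribute")
        t, v = attrs[i], attrs[i + 2:i + l]
        if t == USER_NAME:
            out["user"] = v.decode()
        elif t == FRAMED_IP and l == 6:
            out["ip"] = socket.inet_ntoa(v)
        elif t == CLASS:
            out["roles"].append(v.decode())
        i += l
    return out

SECRET = b"constructed-shared-secret"  # constructed sample values
PACKET = build_accounting_request(7, SECRET, "alice", "10.20.30.40", "Employee")
```

A packet that fails the authenticator check is rejected before any attribute is read, so a sender without the shared secret cannot provision a mapping.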