Page 2 - Trademarks
Fortinet Server Authentication Extension Technical Note, Version 1.5, 01 October 2007, 01-30005-0373-20071001. © Copyright 2007 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or ...
Page 3 - Contents
Contents
Using FSAE on your network, page 5
FSAE overview ...
Page 5 - Using FSAE on your network; FSAE overview
The Fortinet Server Authentication Extension (FSAE) provides seamless authentication of Microsoft Windows Active Directory users on FortiGat...
Page 7 - Installing FSAE on your network; Installing FSAE
FSAE has two components that you must install on your network:
• The domain controller (DC) agent, which must be inst...
Page 8 - Fortinet Server Authentication Extension > Install DC Agent; Configuring FSAE on Windows AD
9 Select Next and then select Install.
10 When the FSAE InstallShield Wizard completes, ensure that Launch DC Agent Install Wizard is enabled and sel...
Page 9 - Server; Configuring Windows AD server user groups
FSAE sends information about Windows user logons to FortiGate units. If there are many users on your Windows AD domains, the large amount of informati...
Page 10 - To configure the FSAE collector agent; Fortinet Server Authentication Extension > Configure FSAE
To configure the FSAE collector agent
1 From the Start menu select Programs > Fortinet > Fortinet Server Authentication Extension > Configu...
Page 11 - Configuring the Global Ignore List; To configure the Global Ignore List; Configuring FortiGate group filters
Configuring the Global Ignore List
The Global Ignore List excludes users such as system accounts that do not authenticate to any FortiGate unit. The ...
Page 12 - To view the FortiGate Filter List; To configure a FortiGate group filter
To view the FortiGate Filter List
1 From the Start menu select Programs > Fortinet > Fortinet Server Authentication Extension > Configure F...
Page 13 - Configuring TCP ports
4 Enter the following information and then select OK.
Configuring TCP ports
Windows AD records when users log on but not when they log off. For best ...
Page 14 - Configuring FSAE on FortiGate units; Specifying your collector agents; To specify collector agents
Configuring FSAE on FortiGate units
To configure your FortiGate unit to operate with FSAE, you
• specify the Windows AD servers that contain t...
Page 15 - Viewing information imported from the Windows AD server; To create a user group for FSAE authentication
Viewing information imported from the Windows AD server
You can view the domain and group information that the FortiGate unit receives from the ...
Page 16 - Creating firewall policies; To create a firewall policy for FSAE authentication
Figure 4: New User Group dialog box
3 In the Name box, enter a name for the group, Developers, for example.
4 From the Type list, select Active...
Page 17 - Allowing guests to access FSAE policies; Testing the configuration; NTLM authentication; Understanding the NTLM authentication process
Allowing guests to access FSAE policies
Optionally, you can allow guest users to access FSAE firewall policies. Guests are users unknown to the Windows AD...