Fortinet Network Adapter FSAE Technical Note

Server authentication extension

TECHNICAL NOTE
Fortinet Server Authentication Extension
Version 1.5
www.fortinet.com

Summary of Contents for Fortinet Network Adapter FSAE

  • Page 1 TECHNICAL NOTE Fortinet Server Authentication Extension Version 1.5 www.fortinet.com...
  • Page 2 01 October 2007 01-30005-0373-20071001 © Copyright 2007 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
  • Page 3: Table Of Contents

    Creating firewall policies ... 16
    Allowing guests to access FSAE policies ... 17
    Testing the configuration ... 17
    NTLM authentication ... 17
    Fortinet Server Authentication Extension Version 1.5 Technical Note 01-30005-0373-20071001
    To configure the FSAE collector agent ... 10
    To configure the Global Ignore List ... 11
    To view the FortiGate Filter List...
  • Page 5: Using FSAE On Your Network

    The Fortinet Server Authentication Extension (FSAE) provides seamless authentication of Microsoft Windows Active Directory users on FortiGate units. This chapter describes how to install and configure FSAE on your Microsoft Windows network and how to configure your FortiGate unit to authenticate users using FSAE.
  • Page 6 The returned values are compared to the stored values on the FortiGate unit that have been received from the domain controller.
  • Page 7: Installing FSAE On Your Network

    Installing FSAE: To install FSAE, you must obtain the FortiClient Setup file from the Fortinet Support web site. Perform the following installation procedure on the computer that will run the Collector Agent. This can be any server or domain controller that is part of your network.
  • Page 8: Configuring FSAE On Windows AD

    If any of your required domains are not listed, cancel the wizard and set up the proper trusted relationship with the domain controller. Then run the wizard again by going to Start > Programs > Fortinet > Fortinet Server Authentication Extension > Install DC Agent.
  • Page 9: Configuring Windows AD Server User Groups

    FortiGate unit
    • the Windows AD group information to send to each FortiGate unit
    You can also alter default settings and settings you made during installation.
  • Page 10: To Configure The FSAE Collector Agent

    To configure the FSAE collector agent: From the Start menu select Programs > Fortinet > Fortinet Server Authentication Extension > Configure FSAE. Enter the following information and then select Save and Close.
    Monitoring user logon events: Enable to automatically authenticate users as they log on to the Windows domain.
  • Page 11: Configuring The Global Ignore List

    Help
    Note: To view the version and build number information for your FSAE configuration, click the Fortinet icon in the upper left corner of the Fortinet Collector Agent Configuration screen and select “About FSAE configuration”.
    Configuring the Global Ignore List: The Global Ignore List excludes users such as system accounts that do not authenticate to any FortiGate unit.
  • Page 12: To View The FortiGate Filter List

    To view the FortiGate Filter List: From the Start menu select Programs > Fortinet > Fortinet Server Authentication Extension > Configure FSAE. Select FortiGate Group Filter.
  • Page 13: Configuring TCP Ports

    Dead entry timeout interval. By default this is eight hours. For more information about both interval settings, see page 11.
    Select to create the default filter. The default filter applies to any FortiGate unit that does not have a specific filter defined in the list.
  • Page 14: Configuring FSAE On FortiGate Units

    Enter the password for the collector agent. This is required only if you configured your FSAE collector agent to require authenticated access. “Configuring FSAE on Windows AD” on page ...
  • Page 15: Viewing Information Imported From The Windows AD Server

    To create a user group for FSAE authentication: Go to User > User Group. Select Create New. The New User Group dialog box opens.
    Add a new Windows AD server.
    AD Server: The name defined for the Windows AD server.
  • Page 16: Creating Firewall Policies

    Select the required user group from the Available Groups list and then select the right arrow button to move the selected group to the Allowed list. You can select multiple groups using the CTRL or SHIFT keys. Select OK.
  • Page 17: Allowing Guests To Access FSAE Policies

    401 Unauthenticated status code, and tells the client which authentication method to come back with via the header: Proxy-Authenticated: NTLM. The session is dismantled.
    edit FSAE_policy
    set fsae-guest-profile strict...
  • Page 18 FortiGate unit. Note: If the authentication policy reaches the authentication timeout period, a new NTLM handshake occurs.
