Configuring Windows AD Server User Groups; Configuring Collector Agent Settings - Fortinet Network Adapter FSAE Technical Note

Server authentication extension

Using FSAE on your network

Configuring Windows AD server user groups

Configuring collector agent settings

Fortinet Server Authentication Extension Version 1.5 Technical Note
01-30005-0373-20071001
FSAE sends information about Windows user logons to FortiGate units. If there
are many users on your Windows AD domains, the large amount of information
might affect the performance of the FortiGate units. To avoid this problem, you can
configure the FSAE collector agent to send logon information only for groups
named in the FortiGate unit's firewall policies.
On each domain controller that runs a collector agent, you need to configure:
• Windows AD user groups
• collector agent settings, including the domain controllers to be monitored
• the collector agent Global Ignore list
• the collector agent FortiGate Group Filter for each FortiGate unit
The following client/server operating systems can be used:
• Server: Microsoft Windows 2000, Microsoft Windows 2003 (32-bit and 64-bit)
• Client: Microsoft Windows 2000 Professional, Microsoft Windows XP Professional
FortiGate units control access at the group level. All members of a group have the
same network access as defined in FortiGate firewall policies. You can use
existing Windows AD user groups for authentication to FortiGate units if you
intend that all members within each group have the same network access
privileges. Otherwise, you need to create new user groups for this purpose.
If you change a user's group membership, the change does not take effect until
the user logs off and then logs on again.
FSAE sends only Domain Local Security Group and Global Security Group
information to FortiGate units. You cannot use Distribution group types for
FortiGate access. No information is sent for empty groups.
Refer to Microsoft documentation for information about creating groups.
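
An added example (not from the Fortinet technical note) that applies the group rules above to exported group records, using the Active Directory groupType bit flags. The record layout, group names and members are constructed, and treating universal security groups as not sent is an assumption based on the page listing only Domain Local and Global security groups.

```python
# Added example: classify AD groups by the rules stated in the section above.
# groupType bit flags as documented by Microsoft for the AD groupType attribute.
GLOBAL = 0x00000002
DOMAIN_LOCAL = 0x00000004
UNIVERSAL = 0x00000008
SECURITY_ENABLED = 0x80000000


def fsae_eligibility(group_type, members):
    """Return (eligible, reason) for one group record."""
    # LDAP exports groupType as a signed 32-bit integer, so security
    # groups appear negative (e.g. -2147483646); normalise to unsigned.
    flags = group_type & 0xFFFFFFFF
    if not flags & SECURITY_ENABLED:
        return False, "distribution group"
    if flags & UNIVERSAL:
        # Assumption: the page lists only Domain Local and Global types.
        return False, "universal security group, not a listed type"
    if not flags & (GLOBAL | DOMAIN_LOCAL):
        return False, "unrecognised scope"
    if not members:
        return False, "empty group"
    scope = "global" if flags & GLOBAL else "domain local"
    return True, scope + " security group"


def audit(groups):
    """Map group name -> (eligible, reason) for a list of records."""
    return {g["name"]: fsae_eligibility(g["groupType"], g["members"])
            for g in groups}


# Constructed sample records (names and members are made up).
SAMPLE_GROUPS = [
    {"name": "FW-Engineering", "groupType": -2147483646, "members": ["alice", "bob"]},
    {"name": "FW-Contractors", "groupType": -2147483644, "members": ["carol"]},
    {"name": "All-Staff-Mail", "groupType": 2, "members": ["alice", "carol"]},
    {"name": "FW-Guests", "groupType": -2147483646, "members": []},
    {"name": "Corp-Universal", "groupType": -2147483640, "members": ["dave"]},
]

if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLE_GROUPS).items():
        print(f"{'send' if ok else 'skip'}  {name}: {reason}")
```

Groups reported as "skip" cannot carry a firewall policy, so review them before naming them in a FortiGate Group Filter.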
You need to configure:
• the Windows AD domain controllers to monitor
• the Windows AD users to ignore because they do not participate in firewall authentication on any FortiGate unit
• the Windows AD group information to send to each FortiGate unit
You can also alter default settings and settings you made during installation.
Configuring FSAE on Windows AD