
Fortinet Single Sign On Polling Mode Windows AD Network

This document describes how to configure Fortinet Single Sign-On (FSSO) in polling mode for a Windows Active Directory network without using a FortiAuthenticator or collector agent. The steps include: 1) adding the LDAP server to the FortiGate, 2) configuring the FortiGate to poll the Active Directory server, 3) adding an FSSO user group, 4) adding a firewall address for the internal network, and 5) adding a security policy with an authentication rule to allow the FSSO group access to the internal network. When users log into the Windows AD network, the FortiGate will automatically poll for their account information and record their network traffic.

Uploaded by Ricky Wallace

Fortinet Single Sign-On in Polling Mode for a Windows AD network

This example uses Active Directory Polling to establish Fortinet Single Sign-On
(FSSO) for a Windows AD Domain Controller, without requiring a FortiAuthenticator
or a Collector Agent running on the Windows AD Domain to act as an intermediary
between the FortiGate and the domain.
1. Adding the LDAP Server to the FortiGate
2. Configuring the FortiGate unit to poll the Active Directory
3. Adding an FSSO user group
4. Adding a firewall address for the internal network
5. Adding a security policy that includes an authentication rule
6. Results

[Figure: network diagram. Labels: Internet, Polling Mode, FortiGate, Windows AD, Internal Network]

254 The FortiGate Cookbook 5.0.6
Adding the LDAP Server to the FortiGate
In the FortiGate web interface, go to User & Device > Authentication > LDAP Servers. Add your LDAP server details.

Configuring the FortiGate unit to poll the Active Directory
Next, go to User & Device > Authentication > Single Sign-On.

For the Type, select Poll Active Directory Server. Enter the IP, username and password, and select the LDAP server you added previously. Ensure Enable Polling is checked.

Adding an FSSO user group
Go to User & Device > User > User Groups, and add the desired AD member groups to the group.

Adding a firewall address for the internal network
Go to Firewall Objects > Address > Addresses, and create an internal network address to be used by the policy.

Adding a security policy that includes an authentication rule
Go to Policy > Policy > Policy.

Create a User Identity policy and add an authentication rule to allow your FSSO group to access the internet.

Results
Go to Log & Report > Traffic Log >
Forward Traffic. When users log into
the Windows AD network, the FortiGate
will automatically poll the domain for their
account information, and record their traffic.

Select an entry for more information.
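
One way to check the result above outside the GUI, as an added example that is not part of the cookbook: the script scans exported forward traffic log lines and lists internal source addresses whose traffic was logged without a user name, meaning the FortiGate did not associate those sessions with an AD logon. The key=value field names (type, subtype, srcip, user), the 192.168.1.0/24 internal network and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import shlex
from collections import defaultdict

# Assumption: matches the internal network address object used by the policy.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines in key=value log style (not real FortiGate output).
SAMPLE_LOG = """\
date=2014-01-10 time=09:15:02 type=traffic subtype=forward srcip=192.168.1.23 dstip=203.0.113.10 policyid=2 user="jsmith" group="FSSO_Group" action=accept
date=2014-01-10 time=09:15:40 type=traffic subtype=forward srcip=192.168.1.57 dstip=198.51.100.7 policyid=2 action=accept
date=2014-01-10 time=09:16:11 type=traffic subtype=forward srcip=192.168.1.23 dstip=198.51.100.7 policyid=2 user="jsmith" group="FSSO_Group" action=accept
date=2014-01-10 time=09:16:30 type=traffic subtype=local srcip=192.168.1.57 dstip=192.168.1.99 policyid=0 action=accept
date=2014-01-10 time=09:17:05 type=traffic subtype=forward srcip=10.9.9.9 dstip=203.0.113.10 policyid=3 action=accept
"""

def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def audit_identity(log_text, network=INTERNAL_NET):
    """Return (identified, unidentified): source IP -> set of users seen, and
    source IP -> count of forward-traffic entries with no user recorded."""
    identified = defaultdict(set)
    unidentified = defaultdict(int)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("type") != "traffic" or f.get("subtype") != "forward":
            continue  # only forwarded traffic is relevant to the policy
        try:
            src = ipaddress.ip_address(f.get("srcip", ""))
        except ValueError:
            continue  # missing or malformed source address
        if src not in network:
            continue
        if f.get("user"):
            identified[str(src)].add(f["user"])
        else:
            unidentified[str(src)] += 1
    return dict(identified), dict(unidentified)

if __name__ == "__main__":
    seen, missing = audit_identity(SAMPLE_LOG)
    print("identified:", seen, "no user recorded:", missing)
```
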
