Home > Developer Tools > Technical Articles

FortiOS 5.2 Expert Recipe: Single Sign-On using LDAP and FSSO agent in advanced mode

Source: Internet
Author: User
Keywords LDAP FSSO
Tags forticloud fortios fortiauthenticator fortigate fsso polling mode fortigate ldap authentication policy
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

This recipe illustrates FortiGate user authentication with FSSO. In this example, user authentication controls Internet access and applies different security profiles for different users.

1. Integrating the FortiGate with the LDAP server

Go to User & Device > Authentication > LDAP Servers to configure the LDAP server.

2. Installing FSSO agent on Windows AD server

Accept the license and follow the Wizard.

Enter the Windows AD administrator password.

Select the Advanced Access method.

In the Collector Agent IP address field, enter the IP address of the Windows AD server.

Select the domain you wish to monitor.

Next, select the users you do not wish to monitor.

Under Working Mode, select DC Agent mode.

Reboot the Domain Controller.

Upon reboot, the collector agent will start up.

You can choose to Require authenticated connection from FortiGate and set a Password.

3. Configuring Single Sign-On on the FortiGate

Go to User & Device > Authentication > Single Sign-On and create a new SSO server.

Under Groups tab, select the user groups to be monitored. In this example, “FortiOS Writers” group is used.

4. Creating a user group in the FortiGate

Go to User & Device > User > User Groups to create a new FSSO user group.

Under Members, select the “FortiOS_Writers” group created earlier.

5. Adding a policy in the FortiGate

Go to Policy & Objects > Policy > IPv4 and create a policy allowing  “FortiOS_writers” to navigate the Internet with appropriate security profiles.

default Web Filter security profile is used in this example.

9. Results

Have users log on to the domain, go to the FSSO agent, and select Show Logon Users.

From the FortiGate, go to System > Status to look for the CLI Console widget and type this command for more detail about current FSSO logons: 

diagnose debug authd fsso list
----FSSO logons----
IP: 10.10.20.3  User: ADMINISTRATOR  Groups: CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL  Workstation: WIN2K8R2.TECHDOC.LOCAL MemberOf: FortiOS_Writers
IP: 10.10.20.7  User: TELBAR  Groups: CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL  Workstation: TELBAR-PC7.TECHDOC.LOCAL MemberOf: FortiOS_Writers
Total number of logons listed: 2, filtered: 0
----end of FSSO logons----

From the FortiGate, go to User & Device > Monitor > Firewall and verify FSSO Logons.

Have users go to the Internet and the security profiles will be applied accordingly.

Go to Log & Report > Traffic Log > Forward Traffic to verify the log. 

Select an entry for details

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
single sign on implementation in java server is in single user mode boot in single user mode linux start sql server in single user mode how to implement single sign on in java web application android single sign on oracle single sign on
Related Article
What is SFTP Commands Linux_the Introduction
How to Configure CentOS 7.4 SFTP Server
Build an SFTP Server Using CentOS Built-in SSH Service
Configure Linux SFTP and Configure User Access
How to Easily Configure SFTP Server Linux In 6 Steps
Automatic Upload and Download of SFTP Files_Shell Script

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

Hot Article
Hot Tags
computing conference access forum computer class data get http html applications
Popular Keywords
direct digital landing development documentation data user director of marketing deploy it ddos how to description of products and services ddos information data website domain to dns

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More