FortiOS 6.0 Authentication: Agent-based FSSO for Windows AD (advanced mode)


This example uses the FSSO agent in advanced mode. The main difference between advanced and standard mode is the naming convention used when referring to username information. Standard mode uses Windows convention: Domain\Username. Advanced mode uses LDAP convention: CN=User, OU=Name, DC=Domain.

Advanced mode is required for multi-domain environments.
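To make the two naming conventions concrete, the following added example (not from the original page and not Fortinet code) classifies names as standard (Domain\Username) or advanced (LDAP DN) and groups the DNs by the domain in their DC components, which is useful when checking that group names collected for an advanced-mode setup are all in LDAP convention. The function names and sample values are assumptions made for illustration.

```python
import re

# Split on commas that are not backslash-escaped (RFC 4514 style escaping).
# Limitation: an escaped backslash directly before a separator is not handled.
_RDN_SPLIT = re.compile(r'(?<!\\),')
_STANDARD = re.compile(r'^[^\\/=,]+\\[^\\/=,]+$')  # Domain\Username

def parse_dn(name):
    """Return [(ATTR, value), ...] for an LDAP DN, or None if it is not one."""
    rdns = []
    for part in _RDN_SPLIT.split(name):
        attr, sep, value = part.strip().partition('=')
        if not sep or not attr or not value:
            return None
        rdns.append((attr.strip().upper(), value.strip().replace('\\,', ',')))
    return rdns

def classify(name):
    """Label a name 'standard' (Domain\\Username), 'advanced' (DN) or 'unknown'."""
    if _STANDARD.match(name):
        return 'standard'
    rdns = parse_dn(name)
    if rdns and any(attr == 'DC' for attr, _ in rdns):
        return 'advanced'
    return 'unknown'

def dns_domain(name):
    """Join the DC components of a DN into a DNS-style domain name."""
    return '.'.join(v.lower() for a, v in (parse_dn(name) or []) if a == 'DC')

def audit(names, expected='advanced'):
    """Group names by domain and list those not in the expected convention."""
    by_domain, mismatched = {}, []
    for name in names:
        kind = classify(name)
        if kind != expected:
            mismatched.append((name, kind))
        elif kind == 'advanced':
            by_domain.setdefault(dns_domain(name), []).append(name)
    return by_domain, mismatched

# Constructed sample input: not taken from the page or from a real directory.
SAMPLE = [
    'CN=FSSO,OU=Groups,DC=example,DC=com',
    'CN=Smith\\, Jane,OU=Staff,DC=branch,DC=example,DC=com',
    'EXAMPLE\\jsmith',
    'not-a-name',
]
```

Calling `audit(SAMPLE)` returns the DNs grouped under `example.com` and `branch.example.com`, plus the two entries that are not in LDAP convention.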

1. Installing the FSSO agent on the Windows AD server

Connect to the Windows AD server and download the FSSO agent from Fortinet Support.

To install the agent, open the installer file and use the installation wizard.

Set a User Name and Password for the FSSO domain administrator.

For the Install Options, select Advanced to use advanced mode instead of standard.

After installing the FSSO agent, run Install DC Agent.

Set the Collector Agent IP address and the Collector Agent listening port.

Select the domain you wish to monitor.

Exclude any users that you don’t want to monitor, including the administrator.

Set Working Mode to DC Agent Mode.

Restart your server to apply all changes.

2. Configuring the FSSO agent

To configure the settings for your network, open the FSSO agent. You can use the default for most settings.

Select Set Directory Access Information. Set AD access mode to Advanced.

3. Setting up your FortiGate for FSSO

Because you have installed FSSO in advanced mode, you need to configure LDAP to use with FSSO.

To configure the LDAP service, go to User & Device > LDAP Servers and select Create New.

Enter all information about your LDAP server. Select Test Connectivity. If your information is correct, Connection status is Successful.

Create a Fabric Connector to the FSSO agent by going to Security Fabric > Fabric Connectors and selecting + Create New.

Under SSO/Identity, select Fortinet Single Sign-On Agent.

Set the Name and enter the IP address and password for the Primary FSSO Agent.

Set Collector Agent AD access mode to Advanced and set LDAP Server to the new LDAP service.

Your FortiGate displays information retrieved from the AD server. Select Groups, then right-click the FSSO group and select + Add Selected.

Select Selected. The FSSO group is shown.

To create a user group for FSSO users, go to User & Device > User Groups and select Create New.

Enter a group Name and set Type to Fortinet Single Sign-On (FSSO). Add the FSSO users to Members.

To create a policy for FSSO users, go to Policy & Objects > IPv4 Policy and select Create New.

For Source, set User to the FSSO user group.

4. Results

Log into a computer on the domain and access the Internet. The FortiGate uses FSSO for authentication and doesn’t require your credentials to be entered again.

On the FortiGate, go to Monitor > Firewall User Monitor and select Show all FSSO Logons.
