Fortinet FSAE manual: Using FSAE on your network, FSAE overview


Using FSAE on your network


The Fortinet Server Authentication Extension (FSAE) provides seamless authentication of Microsoft Windows Active Directory users on FortiGate units. This chapter describes how to install and configure FSAE on your Microsoft Windows network and how to configure your FortiGate unit to authenticate users using FSAE.

The following topics are included in this chapter:

- FSAE overview
- Installing FSAE on your network
- Configuring FSAE on Windows AD
- Configuring FSAE on FortiGate units
- Testing the configuration
- NTLM authentication

FSAE overview

On a Microsoft Windows network, users authenticate at logon. It would be inconvenient if users then had to enter another user name and password for network access through the FortiGate unit. FSAE provides authentication information to the FortiGate unit so that users automatically get access to permitted resources.

FortiGate units control access to resources based on user groups. Through FSAE, the Windows Active Directory (AD) groups are known to the FortiGate unit and you can include them as members of FortiGate user groups.

There are two mechanisms for passing user authentication information to the FortiGate unit:

- FSAE software installed on a domain controller monitors user logons and sends the required information directly to the FortiGate unit.
- Using the NTLM protocol, the FortiGate unit requests information from the Windows network to verify user authentication. This is used where it is not possible to install FSAE on the domain controller. The user must use the Internet Explorer (IE) browser.

FSAE has two components that you must install on your network:

- The domain controller (DC) agent must be installed on every domain controller to monitor user logons and send information about them to the collector agent.
- The collector agent must be installed on at least one domain controller to send the information received from the DC agents to the FortiGate unit.

Fortinet Server Authentication Extension Version 1.5 Technical Note

 

01-30005-0373-20071001
