Fortinet FSAE manual: FSAE with DC agent


FSAE overview

Using FSAE on your network

Figure 1: FSAE with DC agent

In Figure 1, the Client User logs on to the Windows domain. The FSAE agent on the domain controller forwards the logon information to the FSAE collector agent and, if authentication is successful, the collector agent then sends the information to the FortiGate unit.

Figure 2: NTLM FSAE implementation

In Figure 2, the Client User logs on to the Windows domain. The FortiGate unit intercepts the request and requests information about the user's login details. The returned values are compared with the values stored on the FortiGate unit, which were received from the domain controller.

 

Fortinet Server Authentication Extension Version 1.5 Technical Note


01-30005-0373-20071001
