Fortinet FSAE manual Installing Fsae on your network

Page 7

 

 

 

Using FSAE on your network

Installing FSAE on your network

Installing FSAE on your network

FSAE has two components that you must install on your network:

The domain controller (DC) agent, which must be installed on every domain controller

The collector agent, which must be installed on at least one domain controller

The FSAE installer first installs the collector agent. You can then continue with installation of the DC agent, or install it later by going to Start > Programs > Fortinet > Fortinet Server Authentication Extension > Install DC Agent. The installer installs a DC agent on the domain controllers of all of the trusted domains in your network.

If you install the collector agent on two or more domain controllers, you can create a redundant configuration on the FortiGate unit for greater reliability. If the current collector agent fails, the FortiGate unit switches to the next one in its list of up to five collector agents.

You must install FSAE using an account that has administrator privileges. You can use the default Administrator account, but then you must re-configure FSAE each time the account password changes. Fortinet recommends that you create a dedicated account with administrator privileges and a password that does not expire.

Installing FSAE

To install FSAE, you must obtain the FortiClient Setup file from the Fortinet Support web site. Perform the following installation procedure on the computer that will run the Collector Agent. This can be any server or domain controller that is part of your network. The procedure also installs the DC Agent on all of the domain controllers in your network.

1Create an account with administrator privileges and a password that doesn’t expire. See Microsoft Advanced Server documentation for more information.

2Log into the account that you created in Step 1.

3Double-click the FSAESetup.exe file. The FSAE InstallShield Wizard starts.

4Select Next. Optionally, you can change the location where FSAE is installed.

5Select Next.

6By default, FSAE authenticates users both by monitoring logons and by accepting authentication requests using the NTLM protocol.

If you want to support only NTLM authentication, disable the option to Monitor user logon events. Ensure that the option to Serve NTLM authentication requests is enabled.

If you do not want to support NTLM authentication, disable the option to Serve NTLM authentication requests. Ensure that the option to Monitor user logon events is enabled.

You can also change these options after installation.

7Select Next and then select Install.

8In the Password field, enter the password for the account listed in the User Name field. This is the account you are logged into currently.

Fortinet Server Authentication Extension Version 1.5 Technical Note

 

01-30005-0373-20071001

7

Page 6 Page 8
Image 7
Page 6 Page 8
Contents C H N I C a L N O T E Regulatory compliance TrademarksContents Page Fsae overview Using Fsae on your networkFsae with DC agent Installing Fsae Installing Fsae on your networkFortinet Server Authentication Extension Install DC Agent Configuring Fsae on Windows ADConfiguring collector agent settings Configuring Windows AD server user groupsFortinet Server Authentication Extension Configure Fsae To configure the Fsae collector agentConfiguring FortiGate group filters Configuring the Global Ignore ListTo configure the Global Ignore List To view the FortiGate Filter List To configure a FortiGate group filterGroups On this FortiGate unit Add Configuring TCP ports Specifying your collector agents Configuring Fsae on FortiGate unitsTo specify collector agents Creating user groups Viewing information imported from the Windows AD serverCreating firewall policies To create a firewall policy for Fsae authenticationUnderstanding the Ntlm authentication process Testing the configurationNtlm authentication Allowing guests to access Fsae policiesProxy-Authorization Ntlm negotiate string header
Top Page Image Contents