|
|
|
Using FSAE on your network | Configuring FSAE on Windows AD |
Password | Enter the password that FortiGate units must use to |
| authenticate. The maximum password length is 16 |
| characters. The default password is “fortinetcanada”. |
Timers |
|
Workstation verify interval | Enter the interval in minutes at which FSAE checks |
| whether the user is still logged in. The default is every |
| 5 minutes. |
| If ports 139 or 445 cannot be opened on your |
| network, set the interval to 0 to disable the check. |
| See “Configuring TCP ports” on page 13. |
Dead entry timeout interval | Enter the interval in minutes after which FSAE purges |
| information for user logons that it cannot verify. The |
| default is 480 minutes (8 hours). |
| Dead entries usually occur because the computer is |
| unreachable (in standby mode or disconnected, for |
| example) but the user has not logged off. |
| You can also disable dead entry checking by setting |
| the interval to 0. |
IP address change verify | FSAE periodically checks the IP addresses of logged- |
interval | in users and updates the FortiGate unit when user IP |
| addresses change. This does not apply to users |
| authenticated through NTLM. Enter the verification |
| interval in seconds. IP address verification prevents |
| users from being locked out if they change IP |
| addresses. You can enter 0 to disable the IP address |
| check if you use static IP addresses. |
Save & Close | Save the modified settings and exit. |
Apply | Apply changes now. |
Default | Change all settings to the default values. |
Help | View the online Help. |
Note: To view the version and build number information for your FSAE configuration, click the Fortinet icon in the upper left corner of the Fortinet Collector Agent Configuration screen and select “About FSAE configuration”.
Configuring the Global Ignore List
The Global Ignore List excludes users such as system accounts that do not authenticate to any FortiGate unit. The logons of these users are not reported to FortiGate units.
To configure the Global Ignore List
1From the Start menu select Programs > Fortinet >
Fortinet Server Authentication Extension > Configure FSAE.
2Select Global Ignore List.
3Expand each domain and select the users to ignore.
4Select Save.
Configuring FortiGate group filters
FortiGate filters control the user logon information sent to each FortiGate unit. You need to configure the list so that each FortiGate unit receives user logon information for the user groups that are named in its firewall policies.
The filter list is initially empty. You need to configure filters for your FortiGate units using the Add function. At minimum, you can create a default filter that applies to all FortiGate units that do not have a specific filter defined for them.
Fortinet Server Authentication Extension Version 1.5 Technical Note |
|
11 |
