Fortinet FSAE Configuring TCP ports

Using FSAE on your network Configuring FSAE on Windows AD

Fortinet Server Authentication Extension Version 1.5 Technical Note

01-30005-0373-20071001 13

4Enter the following information and then select OK.

Configuring TCP ports

Windows AD records when users log on but not when they log off. For best

performance, FSAE monitors when users log off. To do this, FSAE needs read-

only access to each client computer’s registry over TCP port 139 or 445. At least

one of these ports should be open and not blocked by firewall policies.

If it is not feasible or acceptable to open TCP port 139 or 445, you can turn off

FSAE logoff detection. To do this, set the collector agent Workstation verify

interval to 0. FSAE assumes that the logged on computer remains logged on for

the duration of the collector agent Dead entry timeout interval. By default this is

eight hours. For more information about both interval settings, see “Timers” on

page 11 in the “Configuring collector agent settings” section.

Default Select to create the default filter. The default filter applies to any

FortiGate unit that does not have a specific filter defined in the list.

FortiGate Serial

Number Enter the serial number of the FortiGate unit to which this filter

applies. This field is not available if Default is selected.

Description Enter a description of this FortiGate unit’s role in your network. For

example, you could list the resources accessed through this unit.

This field is not available if Default is selected.

Monitor the following

groups The collector agent sends the FortiGate unit user logon

information for the Windows AD user groups in this list. You edit

this list using the Add, Advanced and Remove buttons.

Add In the preceding single-line field, enter the Windows AD domain

name and user group name in the format “Domain/Group” and

then select Add. If you don’t know the exact name, use the

Advanced button instead.

Advanced Select Advanced, select the user groups from the list, and then

select Add.

Remove Remove the user groups selected in the monitor list.