Configuring FSAE on FortiGate units | Using FSAE on your network |
Configuring FSAE on FortiGate units
To configure your FortiGate unit to operate with FSAE, you
•specify the Windows AD servers that contains the FSAE collector agents
•add Active Directory user groups to new or existing FortiGate user groups
•create firewall policies for Windows AD Server groups
•optionally, specify a guest protection profile to allow guest access
Specifying your collector agents
You need to configure the FortiGate unit to access at least one FSAE collector agent. You can specify up to five Windows AD servers on which you have installed a collector agent. The FortiGate unit accesses these servers in the order that they appear in the list. If a server becomes unavailable, the unit accesses the next one in the list.
To specify collector agents
1Go to User > Windows AD and select Create New.
2Enter the following information and select OK:
Name | Enter a name for the Windows AD server. This name appears in the list |
| of Windows AD servers when you create user groups. |
FSAE Collector IP Enter the following information for up to five collector agents. | |
IP Address | Enter the IP address of the Windows AD server where this collector |
| agent is installed. |
Port | Enter the TCP port used for Windows AD. This must be the same as |
| the FortiGate listening port specified in the FSAE collector agent |
| configuration. See “Configuring FSAE on Windows AD” on page 8. |
Password | Enter the password for the collector agent. This is required only if you |
| configured your FSAE collector agent to require authenticated access. |
| See “Configuring FSAE on Windows AD” on page 8. |
Fortinet Server Authentication Extension Version 1.5 Technical Note
14 |
|
