Fsae with DC agent | Fortinet FSAE instruction

FSAE overview

Using FSAE on your network

Figure 1: FSAE with DC agent

In Figure 1, the Client User logs on to the Windows domain, information is forwarded to the FSAE Collector agent by the FSAE agent on the domain controller, and if authentication is successful, the information is then sent via the collector agent to the FortiGate unit.

Figure 2: NTLM FSAE implementation

In Figure 2, the Client User logs on to the Windows domain. The FortiGate unit intercepts the request, and requests information about the user login details. The returned values are compared to the stored values on the FortiGate unit that have been received from the domain controller.

	Fortinet Server Authentication Extension Version 1.5 Technical Note
6	01-30005-0373-20071001

Image 6

Fortinet FSAE manual Fsae with DC agent

Contents

C H N I C a L N O T E Trademarks Regulatory compliance Contents Page Using Fsae on your network Fsae overview Fsae with DC agent Installing Fsae on your network Installing Fsae Configuring Fsae on Windows AD Fortinet Server Authentication Extension Install DC Agent Configuring Windows AD server user groups Configuring collector agent settings To configure the Fsae collector agent Fortinet Server Authentication Extension Configure Fsae Configuring the Global Ignore List Configuring FortiGate group filtersTo configure the Global Ignore List To configure a FortiGate group filter To view the FortiGate Filter ListGroups On this FortiGate unit Add Configuring TCP ports Configuring Fsae on FortiGate units Specifying your collector agentsTo specify collector agents Viewing information imported from the Windows AD server Creating user groups To create a firewall policy for Fsae authentication Creating firewall policies Allowing guests to access Fsae policies Testing the configurationNtlm authentication Understanding the Ntlm authentication process Proxy-Authorization Ntlm negotiate string header