Fortinet FSAE manual Installing Fsae on your network

Installing FSAE on your network

FSAE has two components that you must install on your network:

•The domain controller (DC) agent, which must be installed on every domain controller

•The collector agent, which must be installed on at least one domain controller

The FSAE installer first installs the collector agent. You can then continue with installation of the DC agent, or install it later by going to Start > Programs > Fortinet > Fortinet Server Authentication Extension > Install DC Agent. The installer installs a DC agent on the domain controllers of all of the trusted domains in your network.

If you install the collector agent on two or more domain controllers, you can create a redundant configuration on the FortiGate unit for greater reliability. If the current collector agent fails, the FortiGate unit switches to the next one in its list of up to five collector agents.

You must install FSAE using an account that has administrator privileges. You can use the default Administrator account, but then you must re-configure FSAE each time the account password changes. Fortinet recommends that you create a dedicated account with administrator privileges and a password that does not expire.

Installing FSAE

To install FSAE, you must obtain the FortiClient Setup file from the Fortinet Support web site. Perform the following installation procedure on the computer that will run the Collector Agent. This can be any server or domain controller that is part of your network. The procedure also installs the DC Agent on all of the domain controllers in your network.

1Create an account with administrator privileges and a password that doesn’t expire. See Microsoft Advanced Server documentation for more information.

2Log into the account that you created in Step 1.

3Double-click the FSAESetup.exe file. The FSAE InstallShield Wizard starts.

4Select Next. Optionally, you can change the location where FSAE is installed.

5Select Next.

6By default, FSAE authenticates users both by monitoring logons and by accepting authentication requests using the NTLM protocol.

•If you want to support only NTLM authentication, disable the option to Monitor user logon events. Ensure that the option to Serve NTLM authentication requests is enabled.

•If you do not want to support NTLM authentication, disable the option to Serve NTLM authentication requests. Ensure that the option to Monitor user logon events is enabled.

You can also change these options after installation.

7Select Next and then select Install.

8In the Password field, enter the password for the account listed in the User Name field. This is the account you are logged into currently.