How to Integrate Fortigate firewall with Active Directory & LDAP services (SSO)

  • Published: 13 Mar 2020
  • Learn how to integrate Fortigate firewall with split-DNS, LDAP integration and Single Sign-On (SSO) using Fabric Connector. Restrict or Allow access to resources and internet based on Active Directory users or groups.
    ===========================
    Network Security courses on ElastiCourse/Udemy:
    Introduction to Fortigate Firewall
    www.elasticourse.com/courses/...
    www.udemy.com/course/introduc...
    Fortigate Advanced Configuration
    www.elasticourse.com/courses/...
    www.udemy.com/course/advanced...
    Introduction to FortiManager course
    www.elasticourse.com/courses/...
    www.udemy.com/course/introduc...
    ===========================
    AWS Web Application deployment and migration course
    www.elasticourse.com/courses/...
    www.udemy.com/course/building...

Comments • 22

  • @ElastiCourse  3 years ago

    This video is part of the Fortigate Advanced Configuration Firewall course, get it now on ElastiCourse/Udemy:
    www.elasticourse.com/courses/advanced-fortigate-configuration/
    www.udemy.com/course/advanced-fortigate-configuration/?referralCode=A7C0551AFAA250099526

  • @tonymarms8908 2 years ago

    Works perfectly on my lab environment, thanks for this tutorial 👍

  • @MedoMedo-op3em 2 years ago

    Thank you for the great example, very informative.

  • @KKKK-rn9hq 10 months ago

    Thanks for the helpful information!

  • @smusnas 3 years ago

    In the video, after 2 mins, config dns server is not showing an error on the edit lan command.

  • @teengoh4n561 4 years ago

    Great introduction! One question though: how does this behave when working with Terminal Servers or even Citrix Virtual Desktops and such, where IP addresses are shared?
    Let's say 2 users are logged in on the same terminal server, one from the IT department and one from the marketing department. The IT department is allowed to ping google.com, the marketing department is not.
    Will the marketing department be able to ping google.com because the guy from the IT department is logged in to the same machine?

    • @ElastiCourse  4 years ago

      Good question! I haven't used a Citrix environment myself, but I'm sure having two users log in from the same IP will cause a conflict. Is there a way you can set up different Citrix machines for different departments? I would think the firewall will honor whichever user logs in last, as it will be the latest IP/username pair in the list.

  • @gwynbleidd07 1 year ago

    Does the "Poll Active Directory Server" work with a Virtual Wire Pair? It's connecting to AD, but nothing username-related is showing up in the logs.

    • @ElastiCourse  1 year ago +1

      If you can reach AD, that's a good start. Try to debug LDAP to see more details on the error: community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Fortigate-LDAP/ta-p/196280

  • @yangderek7139 1 year ago

    Thanks for your video.
    The only confusing part when I browse the Fortigate documentation is that, based on my understanding, LDAP is a role/feature in AD; you can install this role inside AD.
    But in many videos, when people connect the Fortigate to "LDAP", they basically just connect the Fortigate to a Windows DC with AD DS, so can I assume that when people or Fortigate say LDAP it basically means Windows AD?
    Thanks in advance.

    • @ElastiCourse  1 year ago

      Windows AD + LDAP work together to provide federation services. You basically need both to connect to Fortigate.

  • @simplificaparamim 2 years ago

    Have you seen this message "AD Server Status(err: server can not be accessible):"?

    • @ElastiCourse  2 years ago

      Make sure the Windows Server built-in firewall allows the LDAP port to be accessible.

  • @lehitimongchinito 3 years ago

    Hi Sir, may I know if FSSO and LDAP are different from each other? Will LDAP work without FSSO (and vice versa)? I'm confused /: Please reply at your most convenient time. Thank you!

    • @ElastiCourse  3 years ago

      LDAP is the protocol used to communicate with your directory. FSSO groups are Fortinet-specific groups that you match to an Active Directory group. If you don't create FSSO groups you can only create policies using individual users, which is not practical for big companies or a big user base.

    • @lehitimongchinito 3 years ago

      @ElastiCourse Thank you for your wonderful info, sir. I have a FortiGate and an Active Directory server and I want my users to be filtered (web/app control etc.) by using their domain accounts. May I know which configuration you prefer?

    • @ElastiCourse  3 years ago

      Probably create AD groups for each subset of users and assign each AD group an FSSO group, then create policies using those FSSO entries with the desired policy for each.

    • @lehitimongchinito 3 years ago

      @ElastiCourse You mean, sir, that instead of using LDAP you prefer using FSSO?

    • @ElastiCourse  3 years ago

      You use them together to achieve the integration with Active Directory and user groups.
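
    The LDAP-plus-FSSO setup described in the replies above, written out as an added FortiOS CLI example (this is not configuration from the video or from ElastiCourse; the server address, base DN, bind account, group DNs, group names and interface names are all assumed). It shows the three pieces that the thread keeps apart: an LDAP server object, an FSSO agent that supplies IP-to-user logon events, and FSSO groups mapped to AD groups that firewall policies reference instead of individual users.

```text
# Added example, not from the video. All IPs, DNs, names and interfaces are assumed.
# 1) LDAP server object: how the FortiGate talks to the directory (LDAPS, not cleartext 389).
config user ldap
    edit "AD-LDAP"
        set server "192.0.2.10"                    # assumed domain controller
        set cnid "sAMAccountName"
        set dn "dc=example,dc=local"               # assumed base DN
        set type regular
        set username "cn=svc-fortigate,ou=Service Accounts,dc=example,dc=local"  # read-only bind account
        set password "<bind-password>"
        set secure ldaps
        set port 636
    next
end
# 2) FSSO collector agent: the source of IP-to-user logon events.
config user fsso
    edit "AD-FSSO"
        set server "192.0.2.10"                    # assumed collector agent host
        set password "<collector-agent-password>"
        set ldap-server "AD-LDAP"                  # group membership resolved via the object above
    next
end
# 3) FSSO groups: one per AD group, referenced by policies instead of individual users.
config user group
    edit "FSSO-IT"
        set group-type fsso-service
        set member "CN=IT,OU=Groups,DC=example,DC=local"
    next
    edit "FSSO-Marketing"
        set group-type fsso-service
        set member "CN=Marketing,OU=Groups,DC=example,DC=local"
    next
end
# 4) Policy: only logged-on members of FSSO-IT reach the internet. FSSO-Marketing
#    has no matching policy here, so its traffic falls through to the implicit deny.
config firewall policy
    edit 10
        set name "IT-to-Internet"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set groups "FSSO-IT"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

    FSSO identifies a user by source IP, so a group-based policy like this assumes one user per IP; on a shared-IP host such as a terminal server or Citrix desktop (the case raised above) this mapping alone does not separate users, which is what Fortinet's FSSO terminal-server agent is for.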

  • @mojo4475 2 years ago

    LDAP Query : sucess(0) fail(8523212) what is the reason and how to fix this?

    • @ElastiCourse  1 year ago

      Can you give me more context? What is the setup like and what was the LDAP query?