FORTIGATE - SSO Using LDAP and FSSO Agent in Advanced Mode


12/07/2020 Single Sign-On using LDAP and FSSO agent in advanced mode (Expert) – Fortinet Cookbook

AUTHENTICATION / EXPERT / FORTIOS 5.2 / FORTIOS 5.2.0 / FORTIOS 5.2.1 / FORTIOS 5.2.2 / FORTIOS 5.2.3 / FORTIOS 5.2.4 / FORTIOS 5.2.5+

Single Sign-On using LDAP and FSSO agent in advanced mode (Expert)

Posted on August 4, 2015 by Fortinet Technical Documentation

This recipe illustrates FortiGate user authentication with FSSO. In this example, user authentication controls Internet access and applies different security profiles to different users.

https://cookbook.fortinet.com/providing-single-sign-using-ldap-fsso-agent-advanced-mode-expert/index.html 1/7

1. Integrating the FortiGate with the LDAP server

Go to User & Device > Authentication > LDAP Servers to configure the LDAP server.

2. Installing FSSO agent on Windows AD server

Accept the license and follow the Wizard.

Enter the Windows AD administrator password.

Select the Advanced Access method.


In the Collector Agent IP address field, enter the IP address of the Windows AD server.

Select the domain you wish to monitor.

Next, select the users you do not wish to monitor.

Under Working Mode, select DC Agent mode.


Reboot the Domain Controller.

Upon reboot, the collector agent will start up.

You can choose to Require authenticated connection from FortiGate and set a Password.

3. Configuring Single Sign-On on the FortiGate

Go to User & Device > Authentication > Single Sign-On and create a new SSO server.


Under the Groups tab, select the user groups to be monitored. In this example, the “FortiOS Writers” group is used.

4. Creating a user group in the FortiGate

Go to User & Device > User > User Groups to create a new FSSO user group.

Under Members, select the “FortiOS_Writers” group created earlier.

5. Adding a policy in the FortiGate

Go to Policy & Objects > Policy > IPv4 and create a policy allowing “FortiOS_writers” to navigate the Internet with appropriate security profiles.

The default Web Filter security profile is used in this example.

6. Results

Have users log on to the domain, go to the FSSO agent, and select Show Logon Users.


From the FortiGate, go to System > Status, look for the CLI Console widget and type this command for more detail about current FSSO logons:

    diagnose debug authd fsso list

    ----FSSO logons----
    IP: 10.10.20.3 User: ADMINISTRATOR Groups: CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL
    Workstation: WIN2K8R2.TECHDOC.LOCAL MemberOf: FortiOS_Writers
    IP: 10.10.20.7 User: TELBAR Groups: CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL
    Workstation: TELBAR-PC7.TECHDOC.LOCAL MemberOf: FortiOS_Writers
    Total number of logons listed: 2, filtered: 0
    ----end of FSSO logons----
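The logon list above is what an administrator checks by eye; the following added example (not part of the Fortinet recipe) parses that output and flags the two things worth verifying: that the reported total matches the entries shown, and that every logon was mapped to the FortiGate FSSO group the policy references, since a logon with no mapping will not match the “FortiOS_writers” policy. The sample text is constructed from the output shown above; the assumption that several mapped groups would be comma-separated is marked in the code.

```python
import re
from dataclasses import dataclass
# Constructed sample in the layout "diagnose debug authd fsso list" printed above
SAMPLE = """----FSSO logons----
IP: 10.10.20.3 User: ADMINISTRATOR Groups: CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL
Workstation: WIN2K8R2.TECHDOC.LOCAL MemberOf: FortiOS_Writers
IP: 10.10.20.7 User: TELBAR Groups: CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL
Workstation: TELBAR-PC7.TECHDOC.LOCAL MemberOf: FortiOS_Writers
Total number of logons listed: 2, filtered: 0
----end of FSSO logons----"""

@dataclass
class Logon:
    ip: str
    user: str
    groups: str           # raw AD DN; it contains commas, so it is not split
    workstation: str
    member_of: list       # FortiGate FSSO group names this logon was mapped to

LOGON_RE = re.compile(r"^IP:\s*(\S+)\s+User:\s*(\S+)\s+Groups:\s*(.*)$")
WS_RE = re.compile(r"^Workstation:\s*(\S+)\s+MemberOf:\s*(.*)$")
TOTAL_RE = re.compile(r"^Total number of logons listed:\s*(\d+)")

def parse_fsso_list(text):
    """Parse the logon block into Logon records plus the reported total."""
    logons, total, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := LOGON_RE.match(line):
            pending = m.groups()          # IP/User/Groups line precedes Workstation line
        elif (m := WS_RE.match(line)) and pending:
            ip, user, groups = pending
            # assumption: several mapped groups would be comma-separated
            members = [g.strip() for g in m.group(2).split(",") if g.strip()]
            logons.append(Logon(ip, user, groups, m.group(1), members))
            pending = None
        elif m := TOTAL_RE.match(line):
            total = int(m.group(1))
    return logons, total

def check_logons(text, expected_group):
    """Findings: total mismatch, or a logon not mapped to the policy's FSSO group."""
    logons, total = parse_fsso_list(text)
    findings = []
    if total is not None and total != len(logons):
        findings.append(f"reported {total} logons but parsed {len(logons)}")
    for l in logons:
        if expected_group not in l.member_of:
            findings.append(f"{l.user} at {l.ip} ({l.workstation}) not in {expected_group}")
    return findings
```

Paste the CLI output into `check_logons(output, "FortiOS_Writers")`; an empty list means every current logon will match the policy created in step 5.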

From the FortiGate, go to User & Device > Monitor > Firewall and verify FSSO Logons.

Have users go to the Internet, and the security profiles will be applied accordingly.

Go to Log & Report > Traffic Log > Forward Traffic to verify the log.

Select an entry for details.

Tags: authentication, FSSO, LDAP, Windows AD


© 2019 Fortinet
