Active Directory Connector for Fortigate: FSAE – Fortinet Server Authentication Extension

If we want to integrate the firewall with our Active Directory (AD), so that instead of always using local users we can take advantage of those in the domain controllers' database, we'll use a tool called FSAE. This procedure explains how to install FSAE and how to configure the domain controllers and the firewall. Then we'll create a policy so that only Active Directory users can browse the internet (or whatever rule interests us).

Updating the firmware on a Fortigate

The most important thing is to run the most current firmware possible on the FW. If it is a new and simple installation we will not have problems; the complex part comes when we have several distributed FWs with VPNs between them, since, for example, a VPN between an FW with firmware 2.8 and one with 3.0 would not work: they would have to run the same version. There are two ways to update the firmware: one via the web interface, where we simply indicate which firmware file to use and it updates while keeping the configuration; the other via console cable, with a TFTP server that serves the firmware image over the network. I explain both ways:

Connect by console and basic configurations in a Fortigate

The first thing to do after unpacking the FW is to assign a fixed IP to the INTERNAL interface so that we can manage it via the web, which is more convenient than by commands. So either we change the IP of our PC or we change the IP of the FW. The default IP of the FW is 192.168.1.99. It is best not to connect the FW to the network until it has been assigned a fixed IP, since it can cause a duplicate IP, and also because it ships with the DHCP service enabled by default on the INTERNAL interface. So we connect the console cable to the FW and the PC, open “HyperTerminal” on our PC from “Start” > “Programs” > “Accessories” > “Communications” > “HyperTerminal” and create a new connection.

Connectivity balancing in Fortigate

If we want to configure the firewall so that when one internet connection goes down it automatically goes out through another, and users “almost” do not notice, follow the steps of this procedure. It is applicable to any Fortigate. Logically, what we need is two connections from different providers in the organization; for example, we can have Timofonica on WAN1 and Güanadú on WAN2, so that if the Timofonica connection drops (something quite frequent), the connection we have with Güanadú comes up.