Using Fortigate Authentication Against Active Directory Using LDAP

This document explains how to configure a Fortigate to authenticate users over LDAP against a directory service, in this case a Microsoft Windows Active Directory 2003. Learn more about LDAP here.

Fortigate LDAP

The first thing is to connect to the FW and go to “User” > “LDAP” to create a new LDAP connection. To do this, click on “Create New”.

Fortigate LDAP

We must fill in the data for the LDAP Server:
“Name”: The name of this LDAP Server connection.
“Server Name/IP”: The IP of the server to which we will send LDAP queries (the domain controller).
“Server Port”: The LDAP port used to connect to that server.
“Common Name Identifier”: By default “cn”, which means users will log in with their “Full name”. If we leave it empty, users will have to authenticate with their “Display Name” or “us*****@*****io.eso
“Distinguished Name”: The path to the user container in the Active Directory. Take into account whether it is an Organizational Unit, in which case use “OU”, or a normal container, in which case use “CN”. It should be a path like the following: “OU=Organizational Unit,DC=domain,DC=domain”. The specific case for my Active Directory is shown below, together with the configuration I use.
If we wish, we can also test connectivity between the FW and the domain controller. Click on “OK”.
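The same settings entered through the FortiOS CLI, as an added example that is not part of the original post. The server name “AD-LDAP”, the address 192.0.2.10, the domain example.local and the service account svc-fgt-ldap are placeholders; the “cn” identifier and the “VPN users” container follow the post. The hardened variant adds what a practitioner would want here: a dedicated low-privilege bind account and LDAPS, so user passwords are not sent across the network in cleartext.

```fortios
# Added example: CLI equivalent of the GUI steps above.
# Placeholders: AD-LDAP, 192.0.2.10, example.local, svc-fgt-ldap.

# 1) LDAP server as configured in the post (plain LDAP on 389,
#    users bind with their own "cn", i.e. their full name).
config user ldap
    edit "AD-LDAP"
        set server "192.0.2.10"
        set port 389
        set cnid "cn"
        set dn "OU=VPN users,DC=example,DC=local"
        set type simple
    next
end

# 2) Hardened variant (assumed names). Re-editing the same entry
#    replaces the settings above.
#    - LDAPS on 636: the user's password is no longer sent in cleartext.
#    - "regular" bind with a read-only service account: users can log in
#      with their sAMAccountName instead of their exact full name.
config user ldap
    edit "AD-LDAP"
        set server "192.0.2.10"
        set secure ldaps
        set port 636
        set cnid "sAMAccountName"
        set dn "OU=VPN users,DC=example,DC=local"
        set type regular
        set username "CN=svc-fgt-ldap,OU=Service Accounts,DC=example,DC=local"
        set password "<service-account-password>"
    next
end

# 3) User group that references the LDAP server (GUI: User > User Group).
config user group
    edit "UsersVPN"
        set member "AD-LDAP"
    next
end

# 4) Bind/connectivity check from the CLI, equivalent to the GUI test:
#    diagnose test authserver ldap AD-LDAP <username> <password>
```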

Fortigate LDAP

We see that it is correct.

Fortigate LDAP

Now we must create a user group that references the LDAP server we have just defined. To do this, go to “User” > “User Group” > “Create New”.

Fortigate LDAP

We give the user group a name in “Name”, for example “UsersVPN”, and on the right-hand side, under “Members”, we add the LDAP server we have just created from “Users on RADIUS/LDAP servers”. Click “OK”.

Fortigate LDAP

We check that the group has now been created. All that remains is to add it wherever we need it: to a Firewall Policy, for IPSec VPN access, for SSL VPN access, or wherever else it is of use to us.

Fortigate LDAP

This is my Active Directory, with the OU called “VPN users” and the users inside it. These are the users who will be able to connect wherever we apply what we have just configured.

www.bujarra.com – Héctor Herrero – Nh*****@*****ra.com – v 1.0

