Configuring the global ignore list, Configuring fortigate group filters, To configure the global ignore list – Fortinet FSAE User Manual

Using FSAE on your network

Configuring FSAE on Windows AD

Fortinet Server Authentication Extension Version 1.5 Technical Note
01-30005-0373-20071001


Configuring the Global Ignore List

The Global Ignore List excludes users such as system accounts that do not authenticate to
any FortiGate unit. The logons of these users are not reported to FortiGate units.

To configure the Global Ignore List

1. From the Start menu select Programs > Fortinet > Fortinet Server Authentication Extension > Configure FSAE.

2. Select Global Ignore List.

3. Expand each domain and select the users to ignore.

4. Select Save.

Configuring FortiGate group filters

FortiGate filters control the user logon information sent to each FortiGate unit. You
need to configure the list so that each FortiGate unit receives user logon
information for the user groups that are named in its firewall policies.

The filter list is initially empty. You need to configure filters for your FortiGate units
using the Add function. At minimum, you can create a default filter that applies to
all FortiGate units that do not have a specific filter defined for them.
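The following added example (not Fortinet code and not part of the original manual) audits a filter list against the rule stated above: each unit should receive logon information for the groups named in its firewall policies, with the default filter applying to units that have no specific filter. The unit names, group names and the `DEFAULT` key are constructed placeholders, and how the filter list is exported from FSAE is not covered here.

```python
# Added illustration, not Fortinet code. Unit names, group names and the
# DEFAULT key are constructed placeholders.
from typing import Dict, Iterable, NamedTuple, Optional, Set

DEFAULT = "<default>"  # hypothetical key standing for the default filter


class Finding(NamedTuple):
    source: Optional[str]  # "specific", "default", or None if no filter applies
    missing: Set[str]      # groups named in policies but absent from the filter
    extra: Set[str]        # groups in the filter that no policy on the unit names


def norm(groups: Iterable[str]) -> Set[str]:
    """Normalize for comparison; AD group names are not case-sensitive."""
    return {g.strip().lower() for g in groups}


def audit_filters(policy_groups: Dict[str, Set[str]],
                  filters: Dict[str, Set[str]]) -> Dict[str, Finding]:
    """Resolve each unit's effective filter and compare it to its policy groups."""
    default = filters.get(DEFAULT)
    report = {}
    for unit, needed in policy_groups.items():
        needed = norm(needed)
        if unit in filters:                 # a specific filter takes precedence
            source, allowed = "specific", norm(filters[unit])
        elif default is not None:           # otherwise the default filter applies
            source, allowed = "default", norm(default)
        else:                               # no filter covers this unit: flag it
            source, allowed = None, set()
        report[unit] = Finding(source, needed - allowed, allowed - needed)
    return report


# Constructed sample data: groups named in each unit's firewall policies.
POLICY_GROUPS = {
    "FGT-HQ": {"CORP/Engineering", "CORP/Finance"},
    "FGT-BRANCH": {"CORP/Sales"},
    "FGT-LAB": {"CORP/Engineering"},
}
# Constructed sample filter list: one specific filter plus a default.
FILTERS = {
    "FGT-HQ": {"corp/engineering"},               # Finance was left out
    DEFAULT: {"CORP/Sales", "CORP/Engineering"},  # broader than either unit needs
}

if __name__ == "__main__":
    for unit, f in audit_filters(POLICY_GROUPS, FILTERS).items():
        print(unit, f.source, "missing:", sorted(f.missing), "extra:", sorted(f.extra))
```

A non-empty `missing` set means a policy refers to a group whose logons the unit will not be told about; a non-empty `extra` set means the unit is sent logon information it has no policy for.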

Password

Enter the password that FortiGate units must use to
authenticate. The maximum password length is 16
characters. The default password is “fortinetcanada”.

Timers

Workstation verify interval

Enter the interval in minutes at which FSAE checks
whether the user is still logged in. The default is every
5 minutes.
If ports 139 or 445 cannot be opened on your
network, set the interval to 0 to disable the check.
See “Configuring TCP ports” on page 13.

Dead entry timeout interval

Enter the interval in minutes after which FSAE purges
information for user logons that it cannot verify. The
default is 480 minutes (8 hours).
Dead entries usually occur because the computer is
unreachable (in standby mode or disconnected, for
example) but the user has not logged off.
You can also disable dead entry checking by setting
the interval to 0.

IP address change verify interval

FSAE periodically checks the IP addresses of logged-in
users and updates the FortiGate unit when user IP
addresses change. This does not apply to users
authenticated through NTLM. Enter the verification
interval in seconds. IP address verification prevents
users from being locked out if they change IP
addresses. You can enter 0 to disable the IP address
check if you use static IP addresses.

Save & Close

Save the modified settings and exit.

Apply

Apply changes now.

Default

Change all settings to the default values.

Help

View the online Help.

Note: To view the version and build number information for your FSAE configuration, click
the Fortinet icon in the upper left corner of the Fortinet Collector Agent Configuration screen
and select “About FSAE configuration”.