Configuring TCP ports – Fortinet FSAE User Manual

Using FSAE on your network

Configuring FSAE on Windows AD

Fortinet Server Authentication Extension Version 1.5 Technical Note
01-30005-0373-20071001

4. Enter the following information and then select OK.

Default: Select to create the default filter. The default filter applies to any
FortiGate unit that does not have a specific filter defined in the list.

FortiGate Serial Number: Enter the serial number of the FortiGate unit to which
this filter applies. This field is not available if Default is selected.

Description: Enter a description of this FortiGate unit’s role in your network.
For example, you could list the resources accessed through this unit.
This field is not available if Default is selected.

Monitor the following groups: The collector agent sends the FortiGate unit user
logon information for the Windows AD user groups in this list. You edit
this list using the Add, Advanced and Remove buttons.

Add: In the preceding single-line field, enter the Windows AD domain
name and user group name in the format “Domain/Group” and
then select Add. If you don’t know the exact name, use the
Advanced button instead.

Advanced: Select Advanced, select the user groups from the list, and then
select Add.

Remove: Remove the user groups selected in the monitor list.

Configuring TCP ports

Windows AD records when users log on but not when they log off. For best
performance, FSAE monitors when users log off. To do this, FSAE needs read-only
access to each client computer’s registry over TCP port 139 or 445. At least
one of these ports should be open and not blocked by firewall policies.

If it is not feasible or acceptable to open TCP port 139 or 445, you can turn off
FSAE logoff detection. To do this, set the collector agent Workstation verify
interval to 0. FSAE assumes that the logged on computer remains logged on for
the duration of the collector agent Dead entry timeout interval. By default this is
eight hours. For more information about both interval settings, see “Timers” on
page 11 in the “Configuring collector agent settings” section.
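
To confirm the port requirement in "Configuring TCP ports" before relying on logoff detection, the following PowerShell can be run on the collector agent host. It is an added example, not part of the Fortinet manual or the FSAE software; the function names and workstation names are hypothetical placeholders. It tests TCP reachability only, so an open port does not by itself prove that the registry can be read.

```powershell
# Added example. Host names are constructed placeholders, not taken from the manual.
$Workstations = @('ws-example-01.corp.example', 'ws-example-02.corp.example')

# Hypothetical helper: returns $true if a TCP connection succeeds within the timeout.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait() returns $false on timeout and throws if the connection
        # is refused or the name cannot be resolved.
        $task = $client.ConnectAsync($ComputerName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Hypothetical helper: reports, per workstation, which of the two ports
# named in the manual (139 and 445) accept a connection from this host.
function Get-FsaeLogoffReachability {
    param([string[]]$ComputerName, [int[]]$Port = @(139, 445))
    foreach ($name in $ComputerName) {
        $open = @($Port | Where-Object { Test-TcpPort -ComputerName $name -Port $_ })
        [pscustomobject]@{
            ComputerName       = $name
            OpenPorts          = $open -join ','
            # The manual asks for at least one of the two ports to be open.
            PortRequirementMet = ($open.Count -gt 0)
        }
    }
}

Get-FsaeLogoffReachability -ComputerName $Workstations | Format-Table -AutoSize
```

For workstations where PortRequirementMet is False, either adjust the firewall policy in the path or set the Workstation verify interval to 0, in which case the logon entry persists for the Dead entry timeout interval.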