Configuring fsae on fortigate units, Specifying your collector agents, To specify collector agents – Fortinet FSAE User Manual

Fortinet Server Authentication Extension Version 1.5 Technical Note

14

01-30005-0373-20071001

Configuring FSAE on FortiGate units

Using FSAE on your network

Configuring FSAE on FortiGate units

To configure your FortiGate unit to operate with FSAE, you

•

specify the Windows AD servers that contains the FSAE collector agents

•

add Active Directory user groups to new or existing FortiGate user groups

•

create firewall policies for Windows AD Server groups

•

optionally, specify a guest protection profile to allow guest access

Specifying your collector agents

You need to configure the FortiGate unit to access at least one FSAE collector
agent. You can specify up to five Windows AD servers on which you have installed
a collector agent. The FortiGate unit accesses these servers in the order that they
appear in the list. If a server becomes unavailable, the unit accesses the next one
in the list.

To specify collector agents

1

Go to User > Windows AD and select Create New.

2

Enter the following information and select OK:

Name

Enter a name for the Windows AD server. This name appears in the list
of Windows AD servers when you create user groups.

FSAE Collector IP Enter the following information for up to five collector agents.

IP Address

Enter the IP address of the Windows AD server where this collector
agent is installed.

Port

Enter the TCP port used for Windows AD. This must be the same as
the FortiGate listening port specified in the FSAE collector agent
configuration. See

“Configuring FSAE on Windows AD” on page 8

.

Password

Enter the password for the collector agent. This is required only if you
configured your FSAE collector agent to require authenticated access.
See

“Configuring FSAE on Windows AD” on page 8

.