Creating firewall policies – Fortinet FSAE User Manual
Fortinet Server Authentication Extension Version 1.5 Technical Note
01-30005-0373-20071001
Configuring FSAE on FortiGate units
Using FSAE on your network
Figure 4: New User Group dialog box
3. In the Name box, enter a name for the group, for example, Developers.
4. From the Type list, select Active Directory.
5. From the Protection Profile list, select the required protection profile.
6. From the Available Users list, select the required Active Directory groups.
   Using the CTRL or SHIFT keys, you can select multiple groups.
7. Select the green right arrow button to move the selected groups to the Members list.
8. Select OK.
Creating firewall policies
Policies that require FSAE authentication are very similar to other firewall policies.
Currently, only one authentication firewall policy can be configured for any given
source interface/source IP pair.
To create a firewall policy for FSAE authentication
1. Go to Firewall > Policy and select Create New.
2. Enter the following information:

   Source interface and address        as required
   Destination interface and address   as required
   Schedule                            as required
   Service                             ANY
   Action                              ACCEPT
   NAT                                 as needed

3. Select Authentication and then select Active Directory from the adjacent list.
4. Select the required user group from the Available Groups list and then select the
   right arrow button to move the selected group to the Allowed list.
   You can select multiple groups using the CTRL or SHIFT keys.
5. Select OK.
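
The limit of one authentication policy per source interface/source IP pair can be checked against a policy listing before changes are made. The following is an added example, not part of the Fortinet manual: the record fields (id, srcintf, srcaddr, auth, groups) are hypothetical, and the sample policies are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data. Field names are hypothetical and do not
# represent any FortiGate export format.
SAMPLE_POLICIES = [
    {"id": 1, "srcintf": "internal", "srcaddr": "10.0.1.0/24",
     "auth": "Active Directory", "groups": ["Developers"]},
    {"id": 2, "srcintf": "internal", "srcaddr": "10.0.1.0/24",
     "auth": "Active Directory", "groups": ["Sales"]},
    {"id": 3, "srcintf": "internal", "srcaddr": "10.0.2.0/24",
     "auth": "Active Directory", "groups": ["Sales"]},
    {"id": 4, "srcintf": "dmz", "srcaddr": "10.0.1.0/24",
     "auth": None, "groups": []},
    {"id": 5, "srcintf": "internal", "srcaddr": "10.0.2.0/24",
     "auth": None, "groups": []},
    {"id": 6, "srcintf": "internal", "srcaddr": "10.0.3.0/24",
     "auth": "Active Directory", "groups": []},
]


def audit_auth_policies(policies):
    """Return (conflicts, empty_group_ids).

    conflicts maps each (srcintf, srcaddr) pair that carries more than one
    authentication policy to the conflicting policy ids and the combined
    group list a single replacement policy would need in its Allowed list.
    empty_group_ids lists authentication policies with no allowed group.
    """
    by_source = defaultdict(list)
    empty_group_ids = []
    for policy in policies:
        if not policy.get("auth"):
            continue  # the limit applies only to authentication policies
        by_source[(policy["srcintf"], policy["srcaddr"])].append(policy)
        if not policy.get("groups"):
            empty_group_ids.append(policy["id"])
    conflicts = {}
    for source, matched in by_source.items():
        if len(matched) > 1:
            groups = sorted({g for p in matched for g in p["groups"]})
            conflicts[source] = {"ids": [p["id"] for p in matched],
                                 "groups": groups}
    return conflicts, empty_group_ids


if __name__ == "__main__":
    print(audit_auth_policies(SAMPLE_POLICIES))
```

Because a single policy can allow multiple groups, each reported conflict can be resolved by keeping one policy for that source pair and moving the combined group list into its Allowed list.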