Installing fsae on your network, Installing fsae – Fortinet FSAE User Manual

Using FSAE on your network

Installing FSAE on your network

Fortinet Server Authentication Extension Version 1.5 Technical Note
01-30005-0373-20071001

7

Installing FSAE on your network

FSAE has two components that you must install on your network:

•

The domain controller (DC) agent, which must be installed on every domain
controller

•

The collector agent, which must be installed on at least one domain controller

The FSAE installer first installs the collector agent. You can then continue with
installation of the DC agent, or install it later by going to Start > Programs >
Fortinet > Fortinet Server Authentication Extension > Install DC Agent. The
installer installs a DC agent on the domain controllers of all of the trusted domains
in your network.

If you install the collector agent on two or more domain controllers, you can create
a redundant configuration on the FortiGate unit for greater reliability. If the current
collector agent fails, the FortiGate unit switches to the next one in its list of up to
five collector agents.

You must install FSAE using an account that has administrator privileges. You can
use the default Administrator account, but then you must re-configure FSAE each
time the account password changes. Fortinet recommends that you create a
dedicated account with administrator privileges and a password that does not
expire.

Installing FSAE

To install FSAE, you must obtain the FortiClient Setup file from the Fortinet
Support web site. Perform the following installation procedure on the computer
that will run the Collector Agent. This can be any server or domain controller that
is part of your network. The procedure also installs the DC Agent on all of the
domain controllers in your network.

1

Create an account with administrator privileges and a password that doesn’t
expire. See Microsoft Advanced Server documentation for more information.

2

Log into the account that you created in Step

1

.

3

Double-click the FSAESetup.exe file.

The FSAE InstallShield Wizard starts.

4

Select Next. Optionally, you can change the location where FSAE is installed.

5

Select Next.

6

By default, FSAE authenticates users both by monitoring logons and by accepting
authentication requests using the NTLM protocol.

•

If you want to support only NTLM authentication, disable the option to Monitor
user logon events. Ensure that the option to Serve NTLM authentication
requests is enabled.

•

If you do not want to support NTLM authentication, disable the option to Serve
NTLM authentication requests. Ensure that the option to Monitor user logon
events is enabled.

You can also change these options after installation.

7

Select Next and then select Install.

8

In the Password field, enter the password for the account listed in the User Name
field. This is the account you are logged into currently.