
Configuring fsae on windows ad – Fortinet FSAE User Manual


Fortinet Server Authentication Extension Version 1.5 Technical Note


01-30005-0373-20071001


Using FSAE on your network

9. Select Next and then select Install.

10. When the FSAE InstallShield Wizard completes, ensure that Launch DC Agent
Install Wizard is enabled and select Finish.

The FSAE - Install DC Agent wizard starts.

11. Check the Collector Agent IP address.

If the Collector Agent computer has multiple network interfaces, ensure that the
one that is listed is on your network. The listed Collector Agent listening port is the
default. You should change this only if the port is already used by some other
service.

12. Select Next.

13. Check the list of trusted domains and select Next.

If any of your required domains are not listed, cancel the wizard and set up the
proper trusted relationship with the domain controller. Then run the wizard again
by going to Start > Programs > Fortinet >
Fortinet Server Authentication Extension > Install DC Agent.

14. Optionally, select users that you do not want the DC Agent to monitor logon status
for. These users will not be able to authenticate to FortiGate units using FSAE.
You can also do this later. See “Configuring FSAE on Windows AD” on page 8.

15. Select Next.

16. Optionally, clear the check boxes of domain controllers on which you do not want
to install the FSAE DC Agent.

17. Select Next.

18. Select Yes when the wizard requests that you reboot the computer.

If you want to create a redundant configuration, repeat this procedure on at least
one other domain controller.

Before you can use FSAE, you need to configure it on both Windows AD and on
the FortiGate units. See the next section, “Configuring FSAE on Windows AD”,
and “Configuring FSAE on FortiGate units” on page 14.

Configuring FSAE on Windows AD

On the FortiGate unit, firewall policies control access to network resources based
on user groups. Each FortiGate user group is associated with one or more
Windows AD user groups.

Note: If you reinstall the FSAE software on this computer, your FSAE configuration is
replaced with default settings.

Note: When you install a second collector agent, cancel the Install Wizard dialog when it
appears the second time. In the configuration GUI, the monitored domain controller list
should then show your domain controllers unselected. Select the ones you wish to
monitor with this collector agent, and click Apply.