Fortinet FortiGate v3.0 MR7 User Manual
Page 28
FortiOS v3.0 MR7 User Authentication User Guide
28
01-30007-0347-20080828
Directory Service servers
Authentication servers
To view the list of Directory Service servers, go to User > Directory Service.
Figure 8: Example Directory Service server list
Configuring the FortiGate unit to use a Directory Service server
You need to configure the FortiGate unit to access at least one FSAE collector
agent. You can specify up to five Directory Service servers on which you have
installed a collector agent. If it is necessary for your FSAE collector agent to
require authenticated access, you enter a password for the server. The server
name appears in the list of Directory Service servers when you create user
groups. You can also retrieve information directly through an LDAP server instead
of through the FSAE agent.
Create New
Add a new Directory Service server.
Name
You can select the Expand arrow beside the server/domain/group
name to display Directory Service domain and group information.
Server
The name defined for the Directory Service
server.
Domain
Domain name imported from the Directory
Service server.
Groups
The group names imported from the Directory
Service server.
FSAE Collector IP
The IP addresses and TCP ports of up to five FSAE collector
agents that send Directory Service server login information to the
FortiGate unit.
Delete icon
Delete this Directory Service server.
Edit icon
Edit this Directory Service server.
Add User/Group
Add a user or group to the list. You must know the distinguished
name for the user or group.
Edit Users/Group
Select users and groups to add to the list.
Expand Arrow (Directory Service server)
Domain and groups
Edit User/Group
Add User/Group
Edit
Delete
Server
Note: You can create a redundant configuration on your FortiGate unit if you install a
collector agent on two or more domain controllers. If the current collector agent fails, the
FortiGate unit switches to the next one in its list of up to five collector agents.