Single sign-on to Windows AD
Single sign-on to Windows AD The FortiGate unit can authenticate users transparently and allow them network access based on their privileges in Windows AD. This means that users who have logged on to...
View ArticleAgent-based FSSO
Agent-based FSSO Introduction to agent-based FSSO Fortinet Single Sign-On (FSSO), through agents installed on the network, monitors user logons and passes that information to the FortiGate unit. When a...
View ArticleAgentless NTLM support
Agentless NTLM support Agentless NTLM authentication can be configured directly from the FortiGate to the Domain Controller via SMB protocol (no agent is required). Note that this authentication method...
View ArticleFSSO Agent installation
Agent installation After reading the appropriate sections of Introduction to agent-based FSSO on page 147 to determine which FSSO agents you need, you can proceed to perform the necessary...
View ArticleConfiguring the FSSO collector agent for Windows AD
Configuring the FSSO collector agent for Windows AD On the FortiGate unit, security policies control access to network resources based on user groups. With Fortinet Single Sign On, this is also true...
View ArticleConfiguring FSSO advanced settings
Configuring FSSO advanced settings Depending on your network topologies and requirement, you may need to configure advanced settings in the FSSO Colloctor agent.To do so, from the Start menu, select...
View ArticleConfiguring FSSO on FortiGate units
Configuring FSSO on FortiGate units To configure your FortiGate unit to operate with agent-based FSSO, you l Configure any access to LDAP servers that might be necessary. Skip this step if you are...
View ArticleFortiOS FSSO log messages
FortiOS FSSO log messages There are two types of FortiOS log messages — firewall and event. FSSO-related log messages are generated from authentication events. These include user logon and log off...
View ArticleTesting FSSO
Testing FSSO Once FSSO is configured, you can easily test to ensure your configuration is working as expected. For additional FSSO testing, see Troubleshooting FSSO on page 189. Logon to one of the...
View ArticleTroubleshooting FSSO
Troubleshooting FSSO When installing, configuring, and working with FSSO some problems are quite common. A selection of these problems follows including explanations and solutions. Troubleshooting FSSO...
View ArticleSSO using RADIUS accounting records
SSO using RADIUS accounting records A FortiGate unit can authenticate users transparently who have already authenticated on an external RADIUS server. Based on the user group to which the user belongs,...
View ArticleMonitoring authenticated users
Monitoring authenticated users This section describes how to view lists of currently logged-in firewall and VPN users. It also describes how to disconnect users. The following topics are included in...
View ArticleActive Passive HA FortiGate Cluster Managing FortiSwitch Stack
A lot of people have been having issues with their FortiSwitches going “disconnected” in their HA FortiGate clusters and it is a cabling issue. In this video, I break out how to do it so that your...
View ArticleManaging FortiSwitch Stack with HA FortiGate Cluster PART2
Part 2 of the white board session that shows some diagrams via computer (may be clearer than my whiteboard with glare) as well as some inside the fortigate perspective.
View ArticleFSSO Examples and troubleshooting
Examples and troubleshooting This chapter provides an example of a FortiGate unit providing authenticated access to the Internet for both Windows network users and local users. The following topics are...
View ArticleBasic HA and Redundant ISP Information
Little video discussing the basics of HA as well as configuring and cabling up redundant ISP connections (with failover)
View ArticleFortiOS 6.2 Best Practices
General considerations For security purposes, NAT mode is preferred because all of the internal or DMZ networks can have secure private addresses. NAT mode policies use network address translation to...
View ArticleFortiOS 6.2 – Firmware Best Practices
Firmware Firmware upgrading and downgrading sounds pretty simple, anyone can do it, right? The mark of a professional is not that they can do something correctly, or even do it correctly over and over...
View ArticleFortiOS 6.2 Firewall Best Practice
Firewall Be careful when disabling or deleting firewall settings. Changes that you make to the firewall configuration using the GUI or CLI are saved and activated immediately. Arrange firewall policies...
View ArticleFortiOS 6.2 Security Best Practice
Security Use NTP to synchronize time on the FortiGate and the core network systems, such as email servers, web servers, and logging services. Enable log rules to match corporate policy. For example,...
View Article