Configuration of FSSO With DC AD PDF


Configuring FSSO for single sign-on user access in a Windows AD environment

Problem
You want users to authenticate using their Windows Active Directory credentials. You are using Windows Active Directory (Windows AD) running on Windows Server 2008.
Solution
Configure the FortiGate unit to obtain logon information about Windows AD users from the Windows AD domain controller. This information includes each user's Windows AD user group.
Create an identity-based policy to grant access only to users belonging to specific groups.
The FortiGate unit obtains logon information about Windows AD users from the FSSO Collector Agent.
Configure the FSSO Agent
1 On the Windows AD server, from the Start menu, select Programs > Fortinet > Fortinet Single Sign On Agent > Configure Fortinet Single Sign On Agent.
2 Select Require Authenticated Connection from FortiGate and enter a password, forti123, for example.
3 In the Common Tasks section, select Set Directory Access Information and set AD access mode to Standard. Select OK.
4 In the Common Tasks section, select Set Group Filters, and then select Add to create a new filter.
5 Add the groups AD864R2/GROUP1, AD864R2/GROUP2, AD864R2/GROUP3, and AD864R2/GROUP4.
6 Select OK.
Figure 1: Configuring the FSSO agent
Page 1 of 2 Configuring FSSO for single sign-on user access in a Windows AD environment
22/09/2014 http://docs-legacy.fortinet.com/cb/html/FOS_Cookbook/Authentication/FSSO-IBP.html

Configure the FortiGate unit to access the FSSO Agent
1 Go to User >Single Sign-On >FSSO Agent and select Create New to add the FSSO agent:
Name: AD-server
FSSO Agent IP/Name: 10.1.100.131
Port: 8000
Password: forti123
2 Select OK.
Get user group information from the Windows AD server
Enter the following CLI command to refresh user group information from the Windows AD server using the Fortinet Single Sign On (FSSO) agent:
execute fsso refresh
Add user groups to the FortiGate unit
1 Go to User >User Group >User Group and select Create New to enter the following user group configuration:
Name: AD
Type: Fortinet Single-Sign-On (FSSO)
Members: Add AD864R2/GROUP1, AD864R2/GROUP2, AD864R2/GROUP3, and AD864R2/GROUP4 from the Available Members list.
2 Select OK.
Configure an identity-based firewall policy
1 Go to Policy >Policy >Policy and select Create New to add an identity-based policy that requires authentication for connections from port10 to port9.
2 Enter:
Source Interface/Zone: port10
Source Address: all
Destination Interface/Zone: port9
Destination Address: all
Action: ACCEPT
Enable NAT: Select.
Enable Identity Based Policy: Select.
Fortinet Single Sign-On: Select.
NTLM Authentication: Select.
3 Select Enable Identity Based Policy.
4 Select Fortinet Single Sign-On (FSSO).
5 Select NTLM Authentication.
6 Select Add and add the AD user group to the identity-based policy:
User Group: AD
Service: ANY
Schedule: always
7 Select OK to save the authentication rule and then select OK to save the policy.
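The same FortiGate-side configuration (FSSO agent, FSSO user group, and identity-based policy) expressed as a FortiOS CLI script, added here as an example and not taken from the cookbook page. The names, addresses, ports and password are the ones used in the steps above; the CLI keywords are assumed to match the FortiOS 5.0-era syntax the cookbook targets and may differ on other releases, so check them against the CLI reference for your firmware before applying.

```fortios
# FSSO Collector Agent the FortiGate polls for logon events (port 8000 is the
# default agent listener). The password must match "Require Authenticated
# Connection from FortiGate" on the agent; keep it out of shared scripts.
config user fsso
    edit "AD-server"
        set server "10.1.100.131"
        set port 8000
        set password forti123
    next
end

# FSSO-type user group. Members are the AD groups the agent's group filter
# forwards; only these groups will ever match the policy below.
config user group
    edit "AD"
        set group-type fsso-service
        set member "AD864R2/GROUP1" "AD864R2/GROUP2" "AD864R2/GROUP3" "AD864R2/GROUP4"
    next
end

# Identity-based policy from port10 to port9 with NAT. Only traffic whose
# source IP the agent has mapped to a member of group "AD" is accepted;
# NTLM is a fallback when no FSSO logon record exists for the source IP.
config firewall policy
    edit 1
        set srcintf "port10"
        set dstintf "port9"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set nat enable
        set identity-based enable
        set fsso enable
        set ntlm enable
        config identity-based-policy
            edit 1
                set groups "AD"
                set schedule "always"
                set service "ANY"
            next
        end
    next
end
```

After applying, `execute fsso refresh` pulls the current group list from the agent, and `diagnose debug authd fsso list` shows which user/IP/group mappings the FortiGate currently holds, which is the quickest way to confirm a user who is being denied has actually been seen by the collector.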
Results
Windows AD users in the selected Windows AD user groups who have already logged into the Windows AD network can access the Internet without being asked by the FortiGate unit to enter their logon credentials again.