The main difference between advanced and standard mode is. In order to install FSSO agent-based authentication, the software should be downloaded from the Fortinet Service and Support web portal. On a Windows AD network, the FSSO software can also serve NT LAN Manager (NTLM) requests coming from client browsers forwarded by the FortiGate unit. To install the agent, open the installer file and use the installation wizard. When using this setup, it is recommended to position the FortiGate physically close to the CA server and LDAP server when advanced mode is used so latency is low.
FSSO software installed on a Windows AD network monitors user logons and sends the required information to the FortiGate unit. FortiOS can provide single sign-on capabilities to Windows AD, Citrix, VMware Horizon, Novell eDirectory, or, as of FortiOS 5. Connect to the Windows AD server and download the FSSO agent from Fortinet Support. Enter a name, set Type to Fortinet Single Sign-On (FSSO), and add the FSSO group as one of the members. The FortiGate next-generation firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard Labs to deliver top-rated protection and high performance, including encrypted traffic. Fill in the name, and the primary FSSO agent server IP address or name and password. In the SSO/Identity section, click Fortinet Single Sign-On Agent.
In this recipe, you use agent-based Fortinet Single Sign-On (FSSO) to allow users to log in to the network once with their Windows AD credentials and seamlessly access all appropriate network resources. The FSSO software can obtain this information by polling the AD domain controllers or by using an FSSO agent on each AD domain controller that monitors user logons in real time. This method does not require any additional software components, and all the configuration can be done on the FortiGate. FortiAuthenticator is designed specifically to provide authentication services for firewalls, SSL and IPsec VPNs, wireless access points, switches, routers, and servers. FortiOS can provide single sign-on capabilities to Windows AD, Citrix, or Novell eDirectory users with the help of agent software installed on these networks. Each firmware version is released together with a corresponding agent version. Ensure FortiManager can access the LDAP server when advanced mode is used. Your FortiGate displays information retrieved from the AD server.
FortiManager needs access to the LDAP server to define FSSO groups. You can create SSO/Identity connectors for Fortinet Single Sign-On (FSSO) agents. The agent software sends information about user logons to the FortiGate unit. FortiGate reduces complexity with automated visibility into applications, users, and network.