
LDAP authentication on Fortigate Firewall

TigerDao

Administrator
Staff member
This article provides instructions for configuring LDAP on a Fortigate firewall so that it retrieves user information from the Domain Controller and applies policies to AD users directly on the Fortigate device. The article uses a lab model with IP addresses set as follows:

upload_2017-8-25_10-35-19.jpeg


For the Fortigate to authenticate users against AD, we must perform 3 steps:
– Prepare on AD
– Create the LDAP server
– Map AD users to the Fortigate device

Start configuration

Step 1: On the Domain Controller
On AD, create an OU (Organizational Unit), then put all users that need to be managed on the firewall into this OU.
In a command prompt window, type the command: dsquery user
Record the CN, OU and DC parameters from the output.
Beyond this, no additional operations or extra software are needed on AD.

upload_2017-8-25_10-35-32.jpeg


Step 2: Configure LDAP on the Fortigate Firewall

Go to User & Device -> Authentication -> LDAP Servers and declare the following parameters:
+ Name: set arbitrarily
+ Server Name/IP: the IP address of the AD server
+ Server Port: default 389
+ Common Name Identifier: default “cn”
+ Distinguished Name: enter the components in the correct order, the OU first and then the domain name, with the domain name written in the form “DC=…”. For example, “thegioimang.vn” is rewritten as “DC=thegioimang,DC=vn”. The components are separated by commas, following the parameters noted in Step 1.
+ Bind Type: select Regular.
+ User DN: enter all fields as noted above; the CN field is the user account used to bind (authenticate) to AD.
+ Password: enter the password of the user declared above.
After declaring the parameters, click Test. If a Success message appears, the Fortigate has successfully connected to AD.

upload_2017-8-25_10-35-41.jpeg


Step 3: Map users on AD to the device

Go to User & Device -> User -> User Definition and select Create New.
In the window that appears, select Remote LDAP User, then click Next.

upload_2017-8-25_10-35-48.jpeg


In the next window, select the LDAP server you just configured.

upload_2017-8-25_10-35-54.jpeg


Next, select the users that need to be mapped, then click Next.

upload_2017-8-25_10-36-0.jpeg


Step 4: Confirm the selection and click Done to finish.

upload_2017-8-25_10-36-31.jpeg


Go back to User -> User Definition; the new users now appear as successfully mapped, with Type LDAP (a user created directly on the Fortigate has Type LOCAL).

upload_2017-8-25_10-36-40.jpeg
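The GUI steps above have a CLI equivalent. The following script is an added example, not code from the original post or from Fortinet: it takes the `dsquery user` output recorded in Step 1, checks that the OU-before-DC ordering described in Step 2 holds, and renders the `config user ldap` / `config user local` blocks that correspond to Steps 2 and 3. The sample `dsquery` lines, the server IP 192.168.1.10, the OU name FortiUsers, the bind account ldapbind and its password are all constructed placeholders; substitute your own values.

```python
# Added example (not from the original post): derive the LDAP parameters the
# article tells you to record from `dsquery user` and render the FortiOS CLI
# equivalent of the GUI steps 2 and 3.
import re

# Constructed sample of `dsquery user` output (what Step 1 asks you to record).
# The OU, domain and account names are made up for this example.
DSQUERY_OUTPUT = '''"CN=ldapbind,OU=FortiUsers,DC=thegioimang,DC=vn"
"CN=Nguyen Van A,OU=FortiUsers,DC=thegioimang,DC=vn"
"CN=Tran Thi B,OU=FortiUsers,DC=thegioimang,DC=vn"
"CN=Administrator,CN=Users,DC=thegioimang,DC=vn"
'''

RDN_RE = re.compile(r'^(CN|OU|DC)=(.+)$', re.IGNORECASE)


def parse_dn(dn):
    """Split a distinguished name into (attr, value) pairs, left to right.
    Commas escaped with a backslash inside a value are not treated as separators."""
    parts = []
    for rdn in re.split(r'(?<!\\),', dn.strip().strip('"')):
        m = RDN_RE.match(rdn.strip())
        if not m:
            raise ValueError('unexpected RDN: %r' % rdn)
        parts.append((m.group(1).upper(), m.group(2)))
    return parts


def base_dn(dn):
    """Return the container suffix (everything after the user's own CN) and
    enforce the ordering the article requires: OU components before DC ones."""
    suffix = parse_dn(dn)[1:]
    attrs = [a for a, _ in suffix]
    if 'DC' not in attrs:
        raise ValueError('DN has no DC component')
    last_ou = max((i for i, a in enumerate(attrs) if a == 'OU'), default=-1)
    if last_ou > attrs.index('DC'):
        raise ValueError('OU components must come before DC components')
    return ','.join('%s=%s' % (a, v) for a, v in suffix)


def users_in_ou(dsquery_output, ou_base):
    """Return the DNs from `dsquery user` output whose container is exactly ou_base,
    i.e. the users placed in the OU created in Step 1."""
    found = []
    for line in dsquery_output.splitlines():
        line = line.strip().strip('"')
        if line and base_dn(line).upper() == ou_base.upper():
            found.append(line)
    return found


def fortios_ldap_config(name, server_ip, bind_dn, bind_password, users, ldaps=False):
    """Render the FortiOS CLI for Steps 2 (LDAP server) and 3 (remote LDAP users).
    With ldaps=True the server entry uses LDAPS on port 636 instead of plain 389."""
    lines = [
        'config user ldap',
        '    edit "%s"' % name,
        '        set server "%s"' % server_ip,
        '        set port %d' % (636 if ldaps else 389),
        '        set cnid "cn"',                       # Common Name Identifier
        '        set dn "%s"' % base_dn(bind_dn),      # Distinguished Name
        '        set type regular',                    # Bind Type: Regular
        '        set username "%s"' % bind_dn.strip('"'),  # User DN
        '        set password "%s"' % bind_password,
    ]
    if ldaps:
        lines.append('        set secure ldaps')
    lines += ['    next', 'end', 'config user local']
    for user_dn in users:
        attr, cn = parse_dn(user_dn)[0]
        if attr != 'CN':
            raise ValueError('user DN must start with CN: %r' % user_dn)
        lines += [
            '    edit "%s"' % cn,
            '        set type ldap',                   # Type shows as LDAP, not LOCAL
            '        set ldap-server "%s"' % name,
            '    next',
        ]
    lines.append('end')
    return '\n'.join(lines)


if __name__ == '__main__':
    ou = 'OU=FortiUsers,DC=thegioimang,DC=vn'
    members = users_in_ou(DSQUERY_OUTPUT, ou)
    # First entry is the bind account; the rest are the users to map.
    print(fortios_ldap_config('AD-LDAP', '192.168.1.10', members[0],
                              'PLACEHOLDER-bind-password', members[1:]))
```

Two points worth keeping in mind when using this in practice: the article's default of port 389 is plain LDAP, so the bind account's password crosses the LAN unencrypted every time the Fortigate authenticates someone; FortiOS also supports `set secure ldaps` with port 636 (the `ldaps=True` switch above), which is the setting to prefer wherever the Domain Controller has a certificate. The bind account itself only needs read access to the OU, so create it as an ordinary, non-administrative user.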


Users imported from AD in this way can then be used in firewall policies, allowed VPN access, and so on, depending on your requirements. The procedure in this article has been tested successfully on Windows Server 2003, 2008 and 2012.

Wishing you success.
