
Fortinet Gate 60D - Page 580

Directory Service User
FortiGate Version 4.0 Administration Guide
580 01-400-89802-20090424
http://docs.fortinet.com/Feedback
FortiGate units use firewall policies to control access to resources based on user groups
configured in the policies. Each FortiGate user group is associated with one or more
Directory Service user groups. When a user logs in to the Windows or Novell domain, a
Fortinet Server Authentication Extension (FSAE) sends the FortiGate unit the user’s IP
address and the names of the Directory Service user groups to which the user belongs.
The FSAE has two components that you must install on your network:
• The domain controller (DC) agent must be installed on every domain controller to
  monitor user logins and send information about them to the collector agent.
• The collector agent must be installed on at least one domain controller to send the
  information received from the DC agents to the FortiGate unit.
The FortiGate unit uses this information to maintain a copy of the domain controller user
group database. Because the domain controller authenticates users, the FortiGate unit
does not perform authentication. It recognizes group members by their IP address.
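The lookup described above, as an added illustrative model in Python (not FortiGate or FSAE code). The group names, IP addresses and policy names are constructed, and replacing an address's entry when a newer logon is reported is an assumption of the model.

```python
# Illustrative model only: names and data are constructed, not FortiGate or FSAE code.
from ipaddress import ip_address

# FortiGate user group -> associated Directory Service groups (constructed sample)
FORTIGATE_GROUPS = {
    "FG_Engineering": {"CORP/Engineers", "CORP/Developers"},
    "FG_Finance": {"CORP/Accounting"},
}

# Firewall policies as (name, FortiGate user groups allowed) (constructed sample)
POLICIES = [
    ("source-repo-access", {"FG_Engineering"}),
    ("ledger-access", {"FG_Finance"}),
]


class LogonTable:
    """IP address -> Directory Service groups, as reported by the collector agent."""

    def __init__(self):
        self._by_ip = {}

    def report_logon(self, ip, ds_groups):
        # Assumption: a newer report for the same IP replaces the older one.
        self._by_ip[ip_address(ip)] = set(ds_groups)

    def fortigate_groups(self, ip):
        ds_groups = self._by_ip.get(ip_address(ip), set())
        return {fg for fg, members in FORTIGATE_GROUPS.items() if members & ds_groups}


def allowed_policies(table, src_ip):
    """Return names of policies whose user groups match the source IP's mapping."""
    groups = table.fortigate_groups(src_ip)
    return [name for name, allowed in POLICIES if allowed & groups]


def demo():
    table = LogonTable()
    table.report_logon("10.0.5.21", ["CORP/Engineers"])    # constructed event
    table.report_logon("10.0.5.40", ["CORP/Accounting"])   # constructed event
    first = allowed_policies(table, "10.0.5.21")
    unknown = allowed_policies(table, "10.0.5.99")          # no logon reported
    # A different user logs on from the same address: the IP now carries their groups.
    table.report_logon("10.0.5.21", ["CORP/Accounting"])
    second = allowed_policies(table, "10.0.5.21")
    return first, unknown, second
```

In this model the decision is keyed on the source IP alone, so an address with no reported logon matches no user group and an address inherits whatever groups were last reported for it.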
You must install the Fortinet Server Authentication Extensions (FSAE) on the network and
configure the FortiGate unit to retrieve information from the Directory Service server. For
more information about FSAE, see the FSAE Technical Note.
To view the list of Directory Service servers, go to User > Directory Service.
Figure 384: Example Directory Service server list
Create New: Add a new Directory Service server.
Name: Select the Expand arrow beside the server/domain/group name to display Directory Service domain and group information.
    AD Server: The name defined for the Directory Service server.
    Domain: The domain name imported from the Directory Service server.
    Groups: The group names imported from the Directory Service server.
FSAE Collector IP: The IP addresses and TCP ports of up to five FSAE collector agents that send Directory Service server login information to the FortiGate unit.
Delete icon: Delete this Directory Service server.
Edit icon: Edit this Directory Service server.
[Figure 384 callouts: Expand Arrow (Directory Service server); Domain and groups; Edit User/Group; Add User/Group; Edit; Delete]
