Fortinet FSAE user manual

User manual for the device Fortinet FSAE

Device: Fortinet FSAE
Category: Network Card
Manufacturer: Fortinet
Size: 0.35 MB
Added : 2/4/2014
Number of pages: 20
Print the manual

Download

How to use this site?

Our goal is to provide you with a quick access to the content of the user manual for Fortinet FSAE. Using the online preview, you can quickly view the contents and go to the page where you will find the solution to your problem with Fortinet FSAE.

For your convenience

If looking through the Fortinet FSAE user manual directly on this website is not convenient for you, there are two possible solutions:

  • Full Screen Viewing - to easily view the user manual (without downloading it to your computer), you can use full-screen viewing mode. To start viewing the user manual Fortinet FSAE on full screen, use the button Fullscreen.
  • Downloading to your computer - You can also download the user manual Fortinet FSAE to your computer and keep it in your files. However, if you do not want to take up too much of your disk space, you can always download it in the future from ManualsBase.
Fortinet FSAE User manual - Online PDF
Advertisement
« Page 1 of 20 »
Advertisement
Print version

Many people prefer to read the documents not on the screen, but in the printed version. The option to print the manual has also been provided, and you can use it by clicking the link above - Print the manual. You do not have to print the entire manual Fortinet FSAE but the selected pages only. paper.

Summaries

Below you will find previews of the content of the user manuals presented on the following pages to Fortinet FSAE. If you want to quickly view the content of pages found on the following pages of the manual, you can use them.

Abstracts of contents
Summary of the content on the page No. 1

TECHNICAL NOTE
Fortinet Server Authentication
Extension
Version 1.5
www.fortinet.com

Summary of the content on the page No. 2

Fortinet Server Authentication Extension Technical Note Version 1.5 01 October 2007 01-30005-0373-20071001 © Copyright 2007 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc. Trademarks Dynamic Threat Prevention System (DTPS), APSecure

Summary of the content on the page No. 3

Contents Contents Using FSAE on your network............................................................ 5 FSAE overview................................................................................................... 5 Installing FSAE on your network ..................................................................... 7 Installing FSAE.............................................................................................. 7 Configuring FSAE on Windows AD ..............................

Summary of the content on the page No. 4

Contents Fortinet Server Authentication Extension Version 1.5 Technical Note 4 01-30005-0373-20071001

Summary of the content on the page No. 5

Using FSAE on your network FSAE overview Using FSAE on your network The Fortinet Server Authentication Extension (FSAE) provides seamless authentication of Microsoft Windows Active Directory users on FortiGate units. This chapter describes how to install and configure FSAE on your Microsoft Windows network and how to configure your FortiGate unit to authenticate users using FSAE. The following topics are included in this chapter: • FSAE overview • Installing FSAE on your network • Configuri

Summary of the content on the page No. 6

FSAE overview Using FSAE on your network Figure 1: FSAE with DC agent In Figure 1, the Client User logs on to the Windows domain, information is forwarded to the FSAE Collector agent by the FSAE agent on the domain controller, and if authentication is successful, the information is then sent via the collector agent to the FortiGate unit. Figure 2: NTLM FSAE implementation In Figure 2, the Client User logs on to the Windows domain. The FortiGate unit intercepts the request, and requests infor

Summary of the content on the page No. 7

Using FSAE on your network Installing FSAE on your network Installing FSAE on your network FSAE has two components that you must install on your network: • The domain controller (DC) agent, which must be installed on every domain controller • The collector agent, which must be installed on at least one domain controller The FSAE installer first installs the collector agent. You can then continue with installation of the DC agent, or install it later by going to Start > Programs > Fortinet > F

Summary of the content on the page No. 8

Configuring FSAE on Windows AD Using FSAE on your network 9 Select Next and then select Install. 10 When the FSAE InstallShield Wizard completes, ensure that Launch DC Agent Install Wizard is enabled and select Finish. The FSAE - Install DC Agent wizard starts. 11 Check the Collector Agent IP address. If the Collector Agent computer has multiple network interfaces, ensure that the one that is listed is on your network. The listed Collector Agent listening port is the default. You should chan

Summary of the content on the page No. 9

Using FSAE on your network Configuring FSAE on Windows AD FSAE sends information about Windows user logons to FortiGate units. If there are many users on your Windows AD domains, the large amount of information might affect the performance of the FortiGate units. To avoid this problem, you can configure the FSAE collector agent to send logon information only for groups named in the FortiGate unit’s firewall policies. On each domain controller that runs a collector agent, you need to configur

Summary of the content on the page No. 10

Configuring FSAE on Windows AD Using FSAE on your network To configure the FSAE collector agent 1 From the Start menu select Programs > Fortinet > Fortinet Server Authentication Extension > Configure FSAE. 2 Enter the following information and then select Save and Close. Monitoring user logon events Enable to automatically authenticate users as they log on to the Windows domain. Support NTLM authentication Enable to facilitate logon of users who are connected to a domain that does not have th

Summary of the content on the page No. 11

Using FSAE on your network Configuring FSAE on Windows AD Password Enter the password that FortiGate units must use to authenticate. The maximum password length is 16 characters. The default password is “fortinetcanada”. Timers Workstation verify interval Enter the interval in minutes at which FSAE checks whether the user is still logged in. The default is every 5 minutes. If ports 139 or 445 cannot be opened on your network, set the interval to 0 to disable the check. See “Configuring TC

Summary of the content on the page No. 12

Configuring FSAE on Windows AD Using FSAE on your network Note: If no filter is defined for a FortiGate unit and there is no default filter, the collector agent sends all Windows AD group and user logon events to the FortiGate unit. While this normally is not a problem, limiting the amount of data sent to the FortiGate unit improves performance by reducing the amount of memory the unit uses to store the group list. To view the FortiGate Filter List 1 From the Start menu select Programs > For

Summary of the content on the page No. 13

Using FSAE on your network Configuring FSAE on Windows AD 4 Enter the following information and then select OK. Default Select to create the default filter. The default filter applies to any FortiGate unit that does not have a specific filter defined in the list. FortiGate Serial Enter the serial number of the FortiGate unit to which this filter applies. This field is not available if Default is selected. Number Description Enter a description of this FortiGate unit’s role in your network. For

Summary of the content on the page No. 14

Configuring FSAE on FortiGate units Using FSAE on your network Configuring FSAE on FortiGate units To configure your FortiGate unit to operate with FSAE, you • specify the Windows AD servers that contains the FSAE collector agents • add Active Directory user groups to new or existing FortiGate user groups • create firewall policies for Windows AD Server groups • optionally, specify a guest protection profile to allow guest access Specifying your collector agents You need to configure the FortiG

Summary of the content on the page No. 15

Using FSAE on your network Configuring FSAE on FortiGate units Viewing information imported from the Windows AD server You can view the domain and group information that the FortiGate unit receives from the AD Server. Go to User > Windows AD. Figure 3: List of groups from Active Directory server Edit Refresh Delete AD Server Domain Groups Create New Add a new Windows AD server. Name AD Server The name defined for the Windows AD server. Domain Domain name imported from the Windows AD server. Gro

Summary of the content on the page No. 16

Configuring FSAE on FortiGate units Using FSAE on your network Figure 4: New User Group dialog box 3 In the Name box, enter a name for the group, Developers, for example. 4 From the Type list, select Active Directory. 5 From the Protection Profile list, select the required protection profile. 6 From the Available Users list, select the required Active Directory groups. Using the CTRL or SHIFT keys, you can select multiple groups. 7 Select the green right arrow button to move the selected groups

Summary of the content on the page No. 17

Using FSAE on your network Testing the configuration Allowing guests to access FSAE policies Optionally, you can allow guest users to access FSAE firewall policies. Guests are users unknown to the Windows AD network and servers that do not log on to a Windows AD domain. To allow guest access, use the FortiGate GUI or CLI to specify a guest protection profile for your FSAE firewall policy. For example config firewall policy edit FSAE_policy set fsae-guest-profile strict end You can specify any

Summary of the content on the page No. 18

NTLM authentication Using FSAE on your network 3 The client connects again, and issues a GET-request, with a Proxy-Authorization: NTLM header. is a base64-encoded NTLM Type 1 negotiation packet. 4 The FortiGate unit replies with a 401 “proxy auth required” status code, and a Proxy-Authenticate: NTLM (a bae64- encoded NTLM Type 2 challenge packet. In this packet is the challenge nonce, a random number chosen for this negotiation that is

Summary of the content on the page No. 19

www.fortinet.com

Summary of the content on the page No. 20

www.fortinet.com


Alternative user manuals
# User manual Category Download
1 Fortinet FortiAnalyzer 1000B User manual Network Card 79
2 Fortinet FortiAnalyzer FortiDB-400B User manual Network Card 29
3 Fortinet FortiDB-1000B User manual Network Card 8
4 Fortinet FortiAnalyzer 3.0 MR7 User manual Network Card 17
5 Fortinet FortiDB-2000B User manual Network Card 10
6 Fortinet FortiBridge 2002F User manual Network Card 2
7 Fortinet FortiGate 1000A-LENC User manual Network Card 8
8 Fortinet FortiGate 224B User manual Network Card 36
9 Fortinet FortiBridge 1000 User manual Network Card 4
10 Fortinet FortiGate 300 User manual Network Card 65
11 Fortinet FortiGate 3000 User manual Network Card 9
12 Fortinet FortiGate 100 User manual Network Card 1532
13 Fortinet FortiGate 3016B User manual Network Card 3
14 Fortinet FortiGate 110C User manual Network Card 573
15 Fortinet FortiGate 310B-LENC User manual Network Card 10
16 Sony BTA-NW1A User manual Network Card 2
17 Sony BKMW-E3000 User manual Network Card 2
18 Sony AC-SQ950D User manual Network Card 0
19 Sony BBV RX100 User manual Network Card 3
20 Sony CLIE A-AVZ-100-11 User manual Network Card 1