FortiOS can provide single sign-on capabilities to Windows AD, Citrix, or Novell eDirectory users with the help of agent software installed on these networks. Enter a group name and set Type to Fortinet Single Sign-On (FSSO). The agent software sends information about user logons to the FortiGate unit. FortiAuthenticator is designed specifically to provide authentication services for firewalls, SSL and IPsec VPNs, wireless access points, switches, routers, and servers. FortiGate next-generation firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard Labs to deliver top-rated protection and high performance, including encrypted traffic. To install FSSO agent-based authentication, download the software from the Fortinet Service and Support web portal.
You can create SSO/Identity connectors for Fortinet Single Sign-On (FSSO) agents. FortiGate reduces complexity with automated visibility into applications, users, and network. Your FortiGate displays information retrieved from the AD server. The main difference between advanced and standard mode is. With this setup, when advanced mode is used, it is recommended to position the FortiGate physically close to the CA server and LDAP server so that latency is low. On a Windows AD network, the FSSO software can also serve NT LAN Manager (NTLM) requests coming from client browsers forwarded by the FortiGate unit.
This method does not require any additional software components, and all the configuration can be done on the FortiGate. FortiOS can provide single sign-on capabilities to Windows AD, Citrix, VMware Horizon, Novell eDirectory, or, as of FortiOS 5. In the SSO/Identity section, click Fortinet Single Sign-On Agent. Fill in the Name, and the Primary FSSO Agent server IP address or name and password. Ensure FortiManager can access the LDAP server when advanced mode is used. In this recipe, you use agent-based Fortinet Single Sign-On (FSSO) to allow users to log in to the network once with their Windows AD credentials and seamlessly access all appropriate network resources.
FortiManager needs access to the LDAP server to define FSSO groups. Enter a name, set Type to Fortinet Single Sign-On (FSSO), and add the FSSO group as one of the members. Each firmware version is released together with a corresponding agent version.
The FSSO software can obtain this information by polling the AD domain controllers or by using an FSSO agent on each AD domain controller that monitors user logons in real time. To install the agent, open the installer file and use the installation wizard. FSSO software installed on a Windows AD network monitors user logons and sends the required information to the FortiGate unit.