HS08
Visitor III
February 18, 2026
Question

LDAP Authentication


I log in to the FortiGate web admin using my LDAP user, and here is my config. Everything is working fine; I am able to log on to the firewall. But when I upgrade the firmware on the primary firewall and the secondary firewall takes over, I can't log in using LDAP users.

If I remove set source-ip, then both firewalls are able to log in. Does anyone know why?

IP 10.202.151.1 is an interface on the FortiGate which is connected to the LAN (Core Switch).

 

FW01 (AD) # show
config user ldap
edit "AD"
set server "10.203.248.31"
set source-ip "10.202.151.1"
set cnid "sAMAccountName"
set dn "dc=mydomain,dc=id"
set type regular
set username "mydomain\\admin.forti"
set password ENC xxxxxxxxxxxxx
next
end

2 replies

mpapisetty
Staff
February 18, 2026

Hi @HS08 

Would you mind sharing information on which interface has that source IP of 10.202.151.1? Is it some sort of reserved management interface that is not shared across both cluster units?

 

HS08
Author
Visitor III
February 18, 2026

10.202.151.1 is not a mgmt interface but a LAN interface, so both FGTs will have this IP.

tbarua
Staff
February 18, 2026

Hi HS08, 

 

Please check this KB and cross-check whether this issue matches your case:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-When-ha-direct-is-enabled-the-source-ip-setting/ta-p/299994