T2P
New Member
May 25, 2021
Question

LDAP interface used in GUI and CLI are not the same

  • May 25, 2021
  • 2 replies
  • 2471 views

Hi,

I'm new to FortiGate and we have deployed an AWS EC2 FortiGate NGFW v7.0.0 build0066 in one of the AWS regions.

We want to allow internet access to users through their Active Directory accounts/groups.

And, we're testing LDAP as a possible solution.

The firewall is configured in split-VDOM (Root and FG-Traffic).

Creation of the LDAP server in the console was successful. Testing of user and credentials is okay.

And, the directory tree was displayed when browsed.

But when we closed and saved the LDAP creation window and accessed it again, the LDAP failed with an error of lda_-3 or Invalid LDAP server. The same thing happens if we repeat the steps to create a new LDAP server in the console.

In our troubleshooting, we found out that the console or GUI uses the Management interface to communicate with the AD server. While in CLI, the interface used was the interface we set in "set source-IP xxx.xxx.xxx.xxx". Testing in CLI seems consistently successful.

It seems the set source-IP is not being used in the console/GUI.

How do we make the LDAP GUI use the same IP we set in "set source-IP..." in CLI?

Please help.

Thanks and regards,

Tony
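As an added illustration (not part of the original post), this is the FortiOS CLI shape of an LDAP server object carrying the explicit source address the poster refers to, placed in the traffic VDOM of a split-VDOM unit, followed by the CLI authentication test that exercises that object. The server name, addresses, DN and account names are placeholders.

```fortios
# Added example with placeholder values; not the poster's configuration.
config vdom
    edit FG-Traffic
        config user ldap
            edit "AD-EXAMPLE"
                set server "10.0.0.10"                  # placeholder: AD/LDAP server address
                set cnid "sAMAccountName"
                set dn "DC=example,DC=local"            # placeholder: base DN for user search
                set type regular                        # bind with a dedicated service account
                set username "CN=svc-ldap,OU=Service,DC=example,DC=local"
                set password "<bind-password>"          # placeholder
                set source-ip 10.0.1.5                  # placeholder: address of the VDOM interface that reaches AD
            next
        end
    next
end

# CLI test of the LDAP object above (this is the path the post describes as consistently successful):
diagnose test authserver ldap AD-EXAMPLE testuser "<user-password>"
```

When comparing GUI and CLI behaviour, check on the AD side which source address each test arrives from; if they differ, the GUI test is not honouring source-ip and the firewall policy must allow the management address as well, or the GUI path must be changed to use the intended interface.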

    2 replies

    Hemin88
    Explorer III
    March 5, 2025

    Hi @T2P

    Could you please share your config?
    Also, the firewall rule that allows comms with the AD.

    Thanks
    Hemin

    dingjerry_FTNT
    Staff
    March 5, 2025

    Hi @T2P,

    Do you have HA enabled for your FGT? If yes, please share your HA configuration.

    show sys ha