Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

AliHaider
New Contributor

Secure Netlogon and FortiAuthenticator Connectivity

Hello,

Just wanted check if there are any changes required to be made for the FortiAuthenticator connectivity to a DC (for using AD credentials for SSL VPN login). There is an upcoming patch which would restrict communication from any non-compliant devices. 

https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channe...

Any advisory or guidance from Fortinet would be appreciated.



------------------------------
Best Wishes,
Ali H.
------------------------------
3 REPLIES 3
seadave
Contributor III

I have the same question.  Have you found anything related to this?
AliHaider

Hello,

In our case, it was just defining a new LDAP remote auth server on FAC and setting it to use 636 (LDAPs).  Since this is cert based, we needed to import the CA as well as have connectivity to a DNS which can resolve the FQDN on the cert as well.

then just firewall policies to allow the LDAPs port from FAC to the AD. And RADIUS client configuration for realms (my firewall ops team did that for us) on FAC. 

this is all for our setup ofcourse, so maybe won't map directly to your use case. 

seadave

That should work.  We need to get certs in order and then try that approach.  Thanks.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.