Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

AliHaider
New Contributor

Created on ‎12-20-2020 10:36 PM

Secure Netlogon and FortiAuthenticator Connectivity

Hello,

Just wanted check if there are any changes required to be made for the FortiAuthenticator connectivity to a DC (for using AD credentials for SSL VPN login). There is an upcoming patch which would restrict communication from any non-compliant devices. 

https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channe...

Any advisory or guidance from Fortinet would be appreciated.



------------------------------
Best Wishes,
Ali H.
------------------------------
Labels:
524
0 Kudos
3 REPLIES 3
seadave
Contributor III

Created on ‎01-28-2021 12:17 PM

I have the same question.  Have you found anything related to this?
512
0 Kudos
AliHaider
New Contributor
In response to seadave

Created on ‎01-28-2021 01:52 PM

Hello,

In our case, it was just defining a new LDAP remote auth server on FAC and setting it to use 636 (LDAPs).  Since this is cert based, we needed to import the CA as well as have connectivity to a DNS which can resolve the FQDN on the cert as well.

then just firewall policies to allow the LDAPs port from FAC to the AD. And RADIUS client configuration for realms (my firewall ops team did that for us) on FAC. 

this is all for our setup ofcourse, so maybe won't map directly to your use case. 

512
0 Kudos
seadave
Contributor III
In response to AliHaider

Created on ‎02-02-2021 08:56 AM

That should work.  We need to get certs in order and then try that approach.  Thanks.
512
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.