Description
This article discusses how to configure a secondary LDAP server IP address.

Solution
If there are two AD servers in the network and one is used as primary and the other as secondary, both can be configured in a single LDAP server configuration.
# config user ldap
    edit "MyLDAP"
        set server "10.34.11.83"
        set secondary-server "10.34.11.84"
        set tertiary-server ''
        set source-ip 0.0.0.0
        set cnid "sAMAccountName"
        set dn "cn=fortinet,cn=.com"
        set type simple
        set two-factor disable
        set group-member-check user-attr
        set group-search-base ''
        set group-filter ''
        set secure disable
        set port 389
        set password-expiry-warning disable
        set password-renewal disable
        set member-attr "memberOf"
        set account-key-processing same
        unset search-type
        set obtain-user-info enable
        set user-info-exchange-server ''
    next
end
In the above example, notice there is a single LDAP server configuration 'MyLDAP', in which 10.34.11.83 is configured as the primary LDAP server and 10.34.11.84 as the secondary server IP address. If the primary server is down, the FortiGate will try multiple times to reach the primary server and, if it gets no reply, will contact the secondary server IP configured for authentication.
Below are the commands to configure the secondary LDAP server IP; this is a CLI-only option:
# config user ldap
    edit LDAPServerName     <----- LDAP server name.
        set secondary-server x.x.x.x
    end
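As an added example (not from the original article or from Fortinet), the following script parses a 'config user ldap' block in the CLI format shown above and reports entries that have no secondary-server configured (no failover) or that keep the default 'set secure disable' (bind over cleartext LDAP on port 389). The sample configuration embedded in it is constructed: it mirrors the MyLDAP entry plus a hypothetical second entry named OnlyOne.

```python
"""Audit FortiOS 'config user ldap' entries for failover and transport settings."""
import re

# Constructed sample: the article's MyLDAP entry (trimmed) plus a hypothetical
# entry "OnlyOne" that has no secondary-server but uses LDAPS.
SAMPLE_CONFIG = """
config user ldap
    edit "MyLDAP"
        set server "10.34.11.83"
        set secondary-server "10.34.11.84"
        set cnid "sAMAccountName"
        set secure disable
        set port 389
    next
    edit "OnlyOne"
        set server "10.34.11.90"
        set secure ldaps
        set port 636
    next
end
"""

_SET_RE = re.compile(r'^\s*set\s+(\S+)\s+(.*)$')


def parse_user_ldap(text):
    """Return {entry name: {option: value}} for each 'edit ... next' block."""
    entries, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("edit "):
            current = stripped[5:].strip().strip('"\'')
            entries[current] = {}
        elif stripped == "next":
            current = None
        elif current is not None:
            m = _SET_RE.match(line)
            if m:
                entries[current][m.group(1)] = m.group(2).strip().strip('"\'')
    return entries


def audit(entries):
    """Return (entry name, finding) tuples for missing failover or cleartext binds."""
    findings = []
    for name, opts in entries.items():
        if not opts.get("secondary-server"):
            findings.append((name, "no secondary-server: authentication has no failover"))
        if opts.get("secure", "disable") == "disable":  # FortiOS default is disable
            findings.append((name, "secure disable: bind credentials sent in cleartext"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_user_ldap(SAMPLE_CONFIG)):
        print(f"{name}: {finding}")
```

Feed it the output of 'show user ldap' to audit a live configuration.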