FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Solution This requires that FSSO is configured on the FortiGate. To view the user information on pages other than Firewall monitor, 'Device Detection' has to be enabled on the interface. The user-info-server variable in user FSSO configuration is used to select the LDAP server that is used for retrieving user information. After a valid FSSO user is authenticated, the FortiGate will try to get additional user information from the LDAP server.
To configure the user.
1) Configure the LDAP user.
# config user ldap edit "AD-LDAP" set server "10.1.100.131" set server-identity-check disable set cnid "cn" set dn "dc=fortinet-fsso,dc=com" set type regular set username "cn=Administrator,cn=users,dc=fortinet-fsso,dc=com" set password ENC MTAwNIJ4Fk+smJ/CVOuEG2Pjphc5nzumAuRTGjEWiWny1qOB3UYLgYJovcNg1lLkXIFKf9Ov rYNSrt4gfdchKGsLbQbruvHxE1MeEdcw+G7IpNsgUWX1Dlc0uwEKsBuZMGptI5scsEzG1Lqe6H2 J9F9Dok2cqwEX8MCYmStlDc9z11Rl30KkwCdn6wzCS3t+Xq+DPg== set secure ldaps set ca-cert "CA_Cert_1" set port 636 next end
2) Configure the FSSO user.
# config user fsso edit "ad-214" set server "10.1.100.142" set password ENC JvwNFvjbXd7T0qsYkO18K8k+DZlHFwDvc7CAv6gHD1nvE7nu8tlaQrWf/tK5o0jDChqkUUG7Wm yqeGupJmTFYzDTB4szvVUafR4D0BKVCt8AaULybjoAtJb6NvU2Hu7P0Trnh08p930hleR13r4mB HjLmNEyBZgvB6jz7bOZYtKaQdkCn/9KKrjAteVjWqxcqYCEvw== set user-info-server "AD-LDAP" next end
To verify that information is being collected per user.
