Created on
08-23-2019
12:48 AM
Edited on
12-19-2024
02:50 AM
By
Jean-Philippe_P
Description
This article describes how to configure LDAP system administrators in FortiManager for FortiGate.
Scope
FortiManager, FortiGate.
Solution
Go to User & Device -> User Groups and create a new user group. Give it a name, set the type to 'Firewall', and under Remote Authentication Servers add an entry pointing to the LDAP server that was added in step 1:
Troubleshooting.
The following diagnostic commands can be used on the FortiManager CLI for live debugging while reproducing the login issue (the authentication daemon was renamed between releases, so the application name depends on the FortiManager version):
diag debug application fnbam 255    (FortiManager 6.4.2 and earlier)
diag debug application auth 255     (FortiManager 6.4.3 and later)
Debug output is only printed once debugging is switched on with 'diag debug enable'; switch it off again with 'diag debug disable' when done, since level 255 is verbose.
Note:
Communication between the FortiManager and the LDAP server must be allowed by any firewall or ACL on the path.
When creating the User Group and selecting the 'Remote Authentication Server', FortiManager probes the LDAP server by sending a TCP SYN to port 389 (LDAP) or 636 (LDAPS).
If this traffic is blocked and the TCP 3-way handshake cannot complete, FortiManager has no way to talk to the LDAP server and the User Group cannot be configured properly.
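The note above boils down to a pre-flight check: can the FortiManager complete a TCP handshake to 389/636, and does something that speaks LDAP answer on the other side? The script below is an added example written for this article and is not Fortinet code; run it from a host on the same network segment as the FortiManager (or anywhere the same firewall policy applies) before creating the User Group. It classifies the handshake result (open / refused / timeout), and on port 389 goes one step further than FortiManager's SYN probe by sending a hand-built LDAPv3 anonymous BindRequest and decoding the resultCode of the BindResponse, which tells a plain "port open" apart from a working directory service. The hostnames and ports at the bottom are placeholders, and the fake responder used by the offline demo is a constructed stand-in, not a real LDAP server.

```python
"""Pre-flight LDAP reachability check for FortiManager remote authentication.

Added example; not part of the Fortinet article. The fake responder below is a
constructed stand-in so the demo runs offline; point probe_ldap() at your real
LDAP server (placeholder names are assumptions) for an actual check.
"""
import socket
import threading

LDAP_PORT, LDAPS_PORT = 389, 636


def ber_len(n: int) -> bytes:
    """Encode a BER length (short form < 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def build_anonymous_bind(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name "", simple "" } }.

    BindRequest is [APPLICATION 0] (tag 0x60); simple auth is [0] (tag 0x80).
    """
    version = b"\x02\x01\x03"          # INTEGER 3
    name = b"\x04\x00"                 # LDAPDN "" (OCTET STRING, empty)
    auth = b"\x80\x00"                 # simple [0] "" -> anonymous
    bind = b"\x60" + ber_len(len(version + name + auth)) + version + name + auth
    mid = b"\x02\x01" + bytes([msg_id])
    return b"\x30" + ber_len(len(mid + bind)) + mid + bind


def tlv(buf: bytes):
    """Split one BER TLV off the front of buf -> (tag, value, rest)."""
    tag, length, hdr = buf[0], buf[1], 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[2:2 + n], "big")
        hdr = 2 + n
    return tag, buf[hdr:hdr + length], buf[hdr + length:]


def parse_bind_result(data: bytes) -> int:
    """Return the resultCode of a BindResponse (0 = success, 49 = invalidCredentials...)."""
    tag, msg, _ = tlv(data)            # outer LDAPMessage SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, rest = tlv(msg)              # skip messageID
    tag, op, _ = tlv(rest)             # BindResponse is [APPLICATION 1] -> 0x61
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, _ = tlv(op)               # resultCode ENUMERATED
    return int.from_bytes(code, "big")


def probe_ldap(host: str, port: int, timeout: float = 3.0) -> dict:
    """Do what FortiManager's probe does (TCP handshake), then try an anonymous bind on 389."""
    result = {"host": host, "port": port, "tcp": None, "bind_result": None}
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        result["tcp"] = "open"         # 3-way handshake completed: this is all FortiManager checks
        if port == LDAPS_PORT:
            return result              # LDAPS needs a TLS handshake before any LDAP PDU; stop here
        s.sendall(build_anonymous_bind())
        result["bind_result"] = parse_bind_result(s.recv(1024))
    except socket.timeout:
        # SYN never answered (filtered) vs. connected but the peer stays silent
        if result["tcp"] is None:
            result["tcp"] = "timeout"
        else:
            result["bind_result"] = "no-reply"
    except ConnectionRefusedError:
        result["tcp"] = "refused"      # RST: host reachable, nothing listening on that port
    except OSError as exc:
        result["tcp"] = f"error:{exc.errno}"
    except (ValueError, IndexError):
        result["bind_result"] = "not-ldap"  # something answered, but not with a BindResponse
    finally:
        s.close()
    return result


# Constructed BindResponse: messageID 1, resultCode 0 (success), empty matchedDN/diagnosticMessage
SAMPLE_BIND_RESPONSE = bytes.fromhex("300c02010161070a010004000400")


def run_fake_ldap_responder(reply: bytes) -> int:
    """Constructed stand-in for an LDAP server on 127.0.0.1; answers one connection with `reply`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(1024)
        conn.sendall(reply)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo_offline() -> dict:
    """Run the probe against the fake responder (no network needed)."""
    return probe_ldap("127.0.0.1", run_fake_ldap_responder(SAMPLE_BIND_RESPONSE))


if __name__ == "__main__":
    print(demo_offline())
    # Real check (hostname is a placeholder): both lines should report tcp == "open"
    for port in (LDAP_PORT, LDAPS_PORT):
        print(probe_ldap("ldap.example.local", port))
```

A `tcp` value of "timeout" on 389/636 while the same host answers ping points at a firewall policy dropping the SYN, which is exactly the failure the note describes; "refused" means the path is open but the directory service is not listening on that port; a numeric `bind_result` (0, or 49 if the server rejects anonymous binds) proves an LDAP server is really on the other end.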
Copyright 2025 Fortinet, Inc. All Rights Reserved.