Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Oskar
New Contributor II

How integrate AD with forticlient CLOUD EMS

How integrate AD with FortiClient CLOUD EMS

7 REPLIES 7
btan
Staff
Staff

Hi Oksar,

 

The procedure should be the same as on-prem EMS:
https://docs.fortinet.com/document/forticlient/7.0.6/ems-administration-guide/123277/adding-endpoint...

Regards,
Bon
Oskar
New Contributor II

emmm... So what? I need open port from the internet to my AD servers?

So how can i do this safely? bcs open port to AD servers is not very secure options.

btan

You have to indeed open port to at least your EMS Cloud server public IP.
You can locate your EMS public IP in the about tab at the bottom left when you login to EMS Cloud.

Regards,
Bon
Oskar
New Contributor II

Still not very safe if someone spoof ip adress.

minusnine

Did you ever get this implemented? I don't understand which IP to use on the EMS Cloud config to see the internal AD Server? I've found my public address for EMS Cloud to allowlist to the internal AD server - but how would EMS Cloud know how to route to the internal address of the AD Server?

DanielSan

Well, first you have to open ports for LDAP(s) on some your public IP, and instead of opening it to all (internet), you will use as source IP your Public IP of FortiClient EMS Cloud. 

mhaneke
New Contributor III

Opening Ports to LDAPs or much worse to Windows AD servers on Your firewall is insecure!

 

To end all that bad guessing. There is an ADConnector. See FortiDocs here: https://docs.fortinet.com/document/forticlient/7.2.2/ems-administration-guide/787816/ad-connector

 

best regards
Martin Haneke
best regardsMartin Haneke
Labels
Top Kudoed Authors