Hello All, We got FortiGate 60F V6.2.4, and need to import all users (O365 is our source list for users) to the VPN. I managed to create users manually at Users & Device/User Definition and it worked normally, but I have to add more than 200 other users. Can't find the settings to import from a csv file at once. Any help please? Regards, Mohamed
If you have O365 you have MS-AD services. Just define a user-group that matches the MS group and avoid adding users. Adding users manually creates overhead for adds/changes/deletions. If you tie a user group to a users group in FortiOS you have less overhead and VPN is controlled centrally at MS AD (i.e. remove the user from the group, lock the account, etc.)
If you do not want to do MS-AD LDAP, RADIUS (NPS) would be the next best great thing.
Ken Felix
PCNSE
NSE
StrongSwan
emnoc wrote:
> if you have o365 you have MS-AD services. Just define a user-group that matches the MS group and avoid adding users. Adding users manually creates overhead for add/changes/deletions. if you tie a user group to a users group in fortios you have less overhead and vpn is controlled centrally at MS AD ( i.e remove the user from the group, lock the account,etc......)
> If you do not want to do MS-AD ldap , radius ( NPS ) would be the next best great thing.
> Ken Felix

Thanks for your feedback, but we don't want integration with MS AD. Is there any way to just import users via csv file?
Well, if you have O365 I'd also suggest using AD integration, for that's the easiest and most elegant solution for this.
Importing users to the FGT would require you to write some converter script or app to generate the corresponding FortiOS CLI script output to import into the FGT. Also, if a user changes their password or is deleted, you have to perform this in your AD and on your FGT...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hi,
there is NO import option for local users on FortiGate (from any format, not just from CSV).
Such an option exists only on FortiAuthenticator, but that's a different product and 'league'.
However, as mentioned here ..
1. First, via direct integration you will save a lot of headache, as your users will have separate passwords on O365 and on FortiGate. Plus you will have to manually set all those up and maintain their group membership. So maybe integration is not that bad an idea and is quite a commonly used solution, as it lets you drive all the permissions from AD.
2. CLI config of 'config user local' is pretty simple and even a simple bash/MS-cmd script might be enough to generate that config section, then copy and paste that into a config backup from your unit, and restore such an enhanced config back. Groups can be handled as well. That's the simplest way.
3. As you mentioned O365, then maybe you do not have Domain Services in Azure to make LDAP integration. But even without that you might consider SAML integration. It's again a bit more complicated than plain users in local storage on FortiGate, but similarly flexible to point 1. If you want to learn more about that then check https://docs.fortinet.com and FortiGate integration with SAML.
4. Not mentioned before but I can't keep that out .. how about upgrading 6.2.4 (released a year ago) to something more recent, or do you have some serious reason for keeping that old version?
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
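A sketch of the converter script that the replies above describe (generating a 'config user local' section from a user export), added here as an example and not code from any poster or from Fortinet. The CSV column names `username` and `email`, the group name `SSLVPN-Users`, and the sample rows are assumptions; fields are allow-listed so a CSV value cannot break out of the quoted CLI string, and each user gets a random password rather than a shared one.

```python
import csv
import io
import re
import secrets

# Constructed sample export; the column names are assumptions for this example.
SAMPLE_CSV = """username,email
jdoe,jdoe@example.com
asmith,asmith@example.com
bad"name,oops@example.com
"""

# Conservative allow-lists: no quotes, spaces or newlines can reach the CLI output.
NAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")


def build_script(csv_text, group="SSLVPN-Users",
                 make_password=lambda: secrets.token_urlsafe(16)):
    """Return (cli_script, credentials, rejected_rows) for a users CSV."""
    if not NAME_RE.fullmatch(group):
        raise ValueError("unsafe group name")
    lines, creds, rejected = ["config user local"], {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("username") or "").strip()
        email = (row.get("email") or "").strip()
        if not NAME_RE.fullmatch(name) or not EMAIL_RE.fullmatch(email) or name in creds:
            rejected.append(row)          # report, never emit, suspicious rows
            continue
        creds[name] = make_password()     # token_urlsafe yields only [A-Za-z0-9_-]
        lines += [f'    edit "{name}"',
                  "        set type password",
                  f'        set passwd "{creds[name]}"',
                  f'        set email-to "{email}"',
                  "    next"]
    lines.append("end")
    if creds:
        members = " ".join(f'"{n}"' for n in creds)
        lines += ["config user group",
                  f'    edit "{group}"',
                  f"        set member {members}",  # replaces the group's current members
                  "    next",
                  "end"]
    return "\n".join(lines) + "\n", creds, rejected


if __name__ == "__main__":
    script, creds, rejected = build_script(SAMPLE_CSV)
    print(script)
    print(f"# {len(creds)} users generated, {len(rejected)} rows rejected")
```

The returned credentials map is the only copy of the generated passwords, so it has to be delivered to users out of band and the generated script treated as a secret until it has been applied.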
To Mohammad, any reason that you do not want to integrate? And have you thought of how you want to manage passwords for X amount of users?
SAML, as pointed out, is a great alternative; it is quite simple, you just need to define the saml-user, place it in a group and your authentication rules.
Diagnostic and troubleshooting would be slightly more complex, fwiw.
Ken Felix
PCNSE
NSE
StrongSwan
Additionally, when I needed to do a one time conversion job not worth writing a script, I did such conversions (From VDOM to VDOM, from model to model of Fortigate) in Notepad++ with its Find&Replace command, was quite easy and productive.
Copyright 2024 Fortinet, Inc. All Rights Reserved.