Hi guys,
Kindly confirm if we can fetch the LDAP users directly in the security policies without creating the user objects.
Yes, it is possible to fetch LDAP users directly in security policies on a FortiGate firewall without creating user objects. FortiGate supports LDAP authentication for user-based security policies.
To configure this, you need to set up the LDAP server settings and configure the security policies accordingly. Here's a general outline of the steps involved:
1. Configure the LDAP Server:
- Go to "User & Device" > "Authentication" > "LDAP Servers" in the FortiGate web interface.
- Click on "Create New" to configure a new LDAP server.
- Provide the necessary details such as server IP address, port, protocol, and authentication credentials.
- Test the connection to ensure that the FortiGate can communicate with the LDAP server successfully.
2. Configure Security Policies:
- Go to "Policy & Objects" > "IPv4 Policy" (or "IPv6 Policy") in the FortiGate web interface.
- Create or edit an existing security policy that you want to apply LDAP authentication to.
- In the "Source User" field, select "LDAP" instead of a specific user or user group.
- Specify the relevant source IP, destination, and service information for the policy.
By configuring the security policy to use LDAP as the source user, the FortiGate firewall will query the LDAP server during the authentication process to validate the user credentials.
Keep in mind that the LDAP server needs to be properly configured with the necessary user attributes and mappings for successful authentication. Additionally, the FortiGate firewall must have connectivity to the LDAP server.
It is recommended to consult the FortiGate documentation or reach out to Fortinet support for specific configuration details based on your FortiGate firmware version and LDAP server setup.
Unable to see the LDAP option in the source field.
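The procedure from the answer above, written out as an added FortiOS CLI example (this is not configuration from the original thread or from Fortinet documentation): the LDAP server is defined once, a user group lists that server as its member (optionally restricted to one directory group), and the firewall policy references the user group. No per-user objects are created; each authentication is a bind against the directory. This also explains the follow-up: in the GUI, a policy's Source field offers users and user groups, not the LDAP server object itself, so the group is what gets selected there. The server addresses, base DN, bind account, certificate name, interface and address-object names below are placeholders to be replaced with real values.

```fortios
# 1. LDAP server object (bind over LDAPS with certificate validation,
#    rather than cleartext LDAP on 389).
config user ldap
    edit "ldap-corp"
        set server "10.0.0.10"                     # placeholder primary DC
        set secondary-server "10.0.0.11"           # placeholder secondary DC
        set cnid "sAMAccountName"                  # attribute matched against the login name
        set dn "dc=corp,dc=example,dc=com"         # placeholder search base
        set type regular                           # bind with a service account for the search
        set username "cn=fortigate-bind,ou=Service Accounts,dc=corp,dc=example,dc=com"
        set password <bind-password>
        set secure ldaps
        set port 636
        set ca-cert "CA_Cert_1"                    # CA that issued the DC certificate
        set server-identity-check enable           # reject a server whose cert does not match
    next
end

# 2. User group whose member is the LDAP server, not individual users.
#    The optional match block limits the group to one directory group.
config user group
    edit "ldap-internet-users"
        set member "ldap-corp"
        config match
            edit 1
                set server-name "ldap-corp"
                set group-name "CN=Internet-Users,OU=Groups,DC=corp,DC=example,DC=com"
            next
        end
    next
end

# 3. Firewall policy: the group is referenced under "groups";
#    the LDAP server is never referenced by the policy directly.
config firewall policy
    edit 10
        set name "lan-to-internet-authenticated"
        set srcintf "port2"                        # placeholder LAN interface
        set dstintf "port1"                        # placeholder WAN interface
        set srcaddr "lan-subnet"                   # placeholder address object
        set dstaddr "all"
        set groups "ldap-internet-users"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set nat enable
    next
end
```

Before relying on the policy, verify the bind path with `diagnose test authserver ldap ldap-corp <username> <password>` from the CLI; it reports whether the credentials were accepted and which directory groups the user belongs to, which is also the quickest way to see why a user who can log in is still not matching the group-name filter.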
Copyright 2024 Fortinet, Inc. All Rights Reserved.