We use a FortiGate 500E for our MPLS network. We have numerous domains within the MPLS (in the process of migrating to one domain), but we have also hit the 4-collector limit, so we need to use LDAP authentication. LDAP authentication works happily with the main network and ESXi hosts, but with some of the inherited Hyper-V networks it fails to connect, as shown below.
When testing LDAP on TCP 389 it connects from the Hyper-V host and from another DC in a 2nd domain happily. Traffic is flowing between the firewall and the DC OK, so there doesn't seem to be an issue there:

14.130431 port2 out 172.31.255.252.4203 -> 10.131.229.1.389: ack 1676584594
14.130899 WH-PRIMARY-LAN in 10.131.229.1.389 -> 172.31.255.252.4203: 1676584594 ack 3445332631
14.131589 WH-PRIMARY-LAN in 10.131.229.1.389 -> 172.31.255.252.4203: 1676586042 ack 3445332631
14.131592 WH-PRIMARY-LAN out 172.31.255.252.4203 -> 10.131.229.1.389: ack 1676587490

We can't find anything that would cause this in Group Policy. Initially we thought it was the local firewalls, but these have now been turned off to see if that made a difference, and it hasn't. Has anyone seen this issue before? Is there anything else I can check to see what is causing this?
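The capture above only proves that the TCP three-way handshake and some segments are exchanged; it says nothing about what the DC answered at the LDAP layer. A bind can fail after a perfectly good TCP session, and the LDAP resultCode in the BindResponse tells you why (for example 49 invalidCredentials for a bad DN or password, or 8 strongerAuthRequired, which an Active Directory DC returns when it is configured to require LDAP signing and receives an unsigned simple bind on port 389). The script below is an added example, not code from the original post: it sends a single LDAPv3 simple bind and decodes the BindResponse, so you can run it from the firewall's side of the network (or any host that can reach 10.131.229.1) against the working DC and the failing Hyper-V DC and compare the two answers. The host, bind DN and password are command-line arguments you supply; the two sample responses at the bottom are constructed bytes for offline testing, not real captures.

```python
import socket

# resultCode values from RFC 4511 that a bind commonly returns.
RESULT_NAMES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    32: "noSuchObject",
    34: "invalidDNSyntax",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, payload):
    """Tag + length + value."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(tag, value):
    """Two's-complement INTEGER or ENUMERATED with the given tag."""
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True)
    return ber_tlv(tag, body)


def build_bind_request(msg_id, bind_dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    bind_req = ber_tlv(
        0x60,  # [APPLICATION 0] BindRequest
        ber_int(0x02, 3)
        + ber_tlv(0x04, bind_dn.encode())
        + ber_tlv(0x80, password.encode()),  # [0] simple authentication
    )
    return ber_tlv(0x30, ber_int(0x02, msg_id) + bind_req)


def ber_read(buf, pos):
    """Decode the TLV at buf[pos]; returns (tag, value bytes, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def message_complete(data):
    """True once data holds one whole outer LDAPMessage TLV."""
    if len(data) < 2:
        return False
    length, hdr = data[1], 2
    if length & 0x80:
        nbytes = length & 0x7F
        if len(data) < 2 + nbytes:
            return False
        length = int.from_bytes(data[2:2 + nbytes], "big")
        hdr += nbytes
    return len(data) >= hdr + length


def parse_bind_response(msg):
    """Return messageID, resultCode, its RFC 4511 name and the diagnosticMessage."""
    tag, body, _ = ber_read(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage (tag 0x%02x)" % tag)
    _, mid, pos = ber_read(body, 0)
    tag, op, _ = ber_read(body, pos)
    if tag != 0x61:  # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, rc, pos = ber_read(op, 0)
    _, matched_dn, pos = ber_read(op, pos)
    _, diag, _ = ber_read(op, pos)
    code = int.from_bytes(rc, "big", signed=True)
    return {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "result_code": code,
        "result": RESULT_NAMES.get(code, "other(%d)" % code),
        "matched_dn": matched_dn.decode(errors="replace"),
        "diagnostic": diag.decode(errors="replace"),
    }


def ldap_simple_bind(host, bind_dn, password, port=389, timeout=5):
    """Open TCP, send one simple bind, read one full LDAPMessage back and decode it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_bind_request(1, bind_dn, password))
        data = b""
        while not message_complete(data):
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the connection without a BindResponse")
            data += chunk
    return parse_bind_response(data)


# Constructed sample responses (not real captures) in the shape a DC returns them.
SAMPLE_SUCCESS = ber_tlv(0x30, ber_int(0x02, 1) + ber_tlv(
    0x61, ber_int(0x0A, 0) + ber_tlv(0x04, b"") + ber_tlv(0x04, b"")))
SAMPLE_SIGNING_REQUIRED = ber_tlv(0x30, ber_int(0x02, 1) + ber_tlv(
    0x61, ber_int(0x0A, 8) + ber_tlv(0x04, b"")
    + ber_tlv(0x04, b"constructed: server requires integrity checking on this bind")))


if __name__ == "__main__":
    import sys
    # usage: python ldap_bind_probe.py <dc-ip> "<bind dn>" "<password>"
    host, dn, pw = sys.argv[1:4]
    print(ldap_simple_bind(host, dn, pw))
```

Run it once against a DC that works and once against the Hyper-V DC with the same bind DN and password the FortiGate uses. If the failing DC answers with resultCode 8, the problem is an LDAP signing or channel-binding requirement on that DC rather than connectivity, and the fix is to bind over LDAPS (636) or STARTTLS from the firewall; if it answers 49, the DN or password is wrong for that domain; if the connection is closed without any BindResponse, something between the two is still filtering at the application layer. On the FortiGate itself the equivalent checks are `diagnose test authserver ldap <server-name> <user> <password>` and, for the full exchange, `diagnose debug application fnbamd -1` followed by `diagnose debug enable` while the test runs.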
Copyright 2025 Fortinet, Inc. All Rights Reserved.