Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
chrisW4
New Contributor III

Created on ‎11-09-2023 03:53 AM

KDC Proxy

It looks like only with KDC Proxy setup my SMB Shares can be accessed by ZTNA Users.

Problem is that the KDC Proxy Setup is not very well described nor I find a detailled description on the web that helps me figure out enough details.

 

There is this Fortinet article

 

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/553746/ztna-access-proxy-wit...

 

And I also found this for KDC setup.

 

https://syfuhs.net/kdc-proxy-for-remote-access

 

My biggest question is, what is the correct URL that needs to be entered in the client Group policy so KDC Proxy is reached.

Another question is if and how I can 

Christoph Christian
Christoph Christian
Labels:
2485
0 Kudos
5 REPLIES 5
Hatibi
Staff
Staff

Created on ‎11-10-2023 01:36 AM

Hi Christoph,

 

the guide you shared actually specifiec the registry settings to be applied:

 

Configuring registry keys on clients

If you are trying to deploy these settings on a client machine that cannot retrieve group policy updates, manually configure the registry keys for the client:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos]
"KdcProxyServer_Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\KdcProxy\ProxyServers]
"*"="<https kdcproxy.fortitest.net />" or ".fortitest.net"="<https kdcproxy.fortitest.net />"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters]
"NoRevocationCheck"=dword:00000000

 

Regards

2454
chrisW4
New Contributor III
In response to Hatibi

Created on ‎11-20-2023 01:14 AM

In the client registry there is no Kerberos Section at all

Christoph Christian
Christoph Christian
2413
0 Kudos
chrisW4
New Contributor III

Created on ‎11-27-2023 07:27 AM

I managed to use Kerbereos now!

 

Problem is that my network drives are defined in group policys.

So when connecting via ZTNA the drives are not reconnected.

 

Is there another port or Service that can be used via ZTNA to apply group policys?

Only option at the moment is to enter

 

net use * /delete /y

Then I can connect a drive again manually.

 

Christoph Christian
Christoph Christian
2372
nsgill
New Contributor
In response to chrisW4

Created on ‎01-05-2024 04:57 AM

Hi Christian,

 

Is SMB driving working for you now without prompting for username and password through ZTNA.

2177
chrisW4
New Contributor III
In response to nsgill

Created on ‎01-08-2024 10:55 PM

Only when I connect new shares, existing ones that were connected within domain are not reconnected at all

Christoph Christian
Christoph Christian
2164
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.