I'm in (what I think may be) a weird situation. I have a FortiGate 30D, and I'm trying to set up an SSL VPN portal through which users can access a few network shares. I want to set it up so that the users can access the portal using their AD credentials. Our domain is the child in a parent-child trust, and none of the users are located directly on the child domain, only on the parent. The groups in our domain (the child) just contain global groups whose users are located directly on the parent domain server.
I have admin rights to the child domain, but not the parent; and the admins on the parent domain will not make any changes to the server. I assume the necessary ports on the parent domain are closed, because the FGT 30D cannot contact it. The FGT can contact the child server, and I have added the appropriate AD groups to the SSL VPN Users group, but the AD credentials are still not being accepted. Also, I created a Single Sign-On group using the child server, but when I attempt to add it to a policy, I get an "Entry not found" error.
I read somewhere that the FGT can't authenticate through AD unless the users are located directly on the server. Is this true? Does this mean I won't be able to authenticate through the child server? And is this why my SSO group isn't working?
Any help would be greatly appreciated.
Update: I've received word from Fortinet support that users do in fact need to reside directly in the domain to which the firewall authenticates. Basically, authentication cannot go through the child domain to the parent.
Copyright 2024 Fortinet, Inc. All Rights Reserved.