Hi Guys,
i configured LDAP on all our Firewall and it works prefect! We're using 3040B Fortis with Firmware v5.2.13,build762.
The Cluster is Active-Passive.
config system ha
set group-name "fw-CUST"
set mode a-p
set password ENC
set hbdev "wan1" 50 "wan2" 25
set session-pickup enable
set ha-mgmt-status enable
set ha-mgmt-interface "mgmt2"
set ha-mgmt-interface-gateway 10.152.220.1
set override enable
set override-wait-time 600
set monitor "mgmt1" "port13" "port24"
config system interface
edit "mgmt1"
set vdom "root"
set ip 10.152.220.40 255.255.255.0
set allowaccess ping https ssh snmp
set vlanforward enable
set type physical
set alias "mgmt-cluster"
set snmp-index 1
next
edit "mgmt2"
set ip 10.152.220.41 255.255.255.0
set allowaccess ping https ssh snmp
set vlanforward enable
set type physical
set alias "mgmt-CUSA"
set snmp-index 2
And now my problem, when i hit each Firewall by the common ip, , then i can log in with the LDAP User
BUT when i use the cluster IP... it fails on the Firewall!
What can i do?
Need help! Cheers Raffa
thanks in advanced Rafael
How about to start with fnbamd debug, packet sniffer to be sure that you are using right LDAP and that LDAP packets flow to and from LDAP server as expected. Also that LDAP responds as expected, as it might limit access from certain subnets/IPs and so maybe cluster IP is not allowed in.
Also, how/where are you trying to login .. SSLVPN , admin GUI etc. ?
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
thanks tomas,
as i wrote, the LDAP authentification works! the problem is that when i try to login to the firewall through the global cluster address it doesn't work!
when i connect direkt to the fwA it works! when i connect to FwB it works...when i try to login via the cluster IP --> it doesnt work and i cant see any debug!
i try to connect via the inband managment direct local admin gui, there are no limits...its the admin network!
regards rafael
thanks in advanced Rafael
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.