I configured LDAP on all our firewalls and it works perfectly! We're using 3040B Fortis with firmware v5.2.13,build762.
The Cluster is Active-Passive.
config system ha
    set group-name "fw-CUST"
    set mode a-p
    set password ENC
    set hbdev "wan1" 50 "wan2" 25
    set session-pickup enable
    set ha-mgmt-status enable
    set ha-mgmt-interface "mgmt2"
    set ha-mgmt-interface-gateway 10.152.220.1
    set override enable
    set override-wait-time 600
    set monitor "mgmt1" "port13" "port24"
end
config system interface
    edit "mgmt1"
        set vdom "root"
        set ip 10.152.220.40 255.255.255.0
        set allowaccess ping https ssh snmp
        set vlanforward enable
        set type physical
        set alias "mgmt-cluster"
        set snmp-index 1
    next
    edit "mgmt2"
        set ip 10.152.220.41 255.255.255.0
        set allowaccess ping https ssh snmp
        set vlanforward enable
        set type physical
        set alias "mgmt-CUSA"
        set snmp-index 2
    next
end
And now my problem: when I hit each firewall by its common IP, I can log in with the LDAP user,
BUT when I use the cluster IP... it fails on the firewall!
How about starting with fnbamd debug and a packet sniffer, to be sure that you are using the right LDAP server and that LDAP packets flow to and from the LDAP server as expected. Also check that the LDAP server responds as expected, as it might limit access from certain subnets/IPs, so maybe the cluster IP is not allowed in.
Also, how/where are you trying to log in... SSL VPN, admin GUI, etc.?
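The fnbamd debug and sniffer steps suggested in the reply, written out as FortiOS CLI commands (an added example, not part of the thread). The LDAP server address 192.0.2.10, the server object name "ldap-corp" and the user "testuser" are placeholders; substitute the values from your own `config user ldap` entry.

```text
# Run on the unit that currently answers on the cluster IP; reach the other
# unit with "execute ha manage <index>" and repeat there to compare.

# 1. Test the LDAP server object directly, bypassing the GUI/VPN login path.
#    A failure here points at the server or its ACL, not at the HA setup.
diagnose test authserver ldap ldap-corp testuser <password>

# 2. fnbamd debug shows which server fnbamd contacted, the source it used
#    and the LDAP result code returned for the bind.
diagnose debug reset
diagnose debug console timestamp enable
diagnose debug application fnbamd -1
diagnose debug enable

# ... now attempt the LDAP login against the cluster IP ...

diagnose debug disable
diagnose debug reset

# 3. Capture the LDAP/LDAPS exchange on all interfaces. Verbosity 4 prints
#    the interface name and IP headers, so the source IP the FortiGate
#    actually uses is visible; check it against what the LDAP server permits.
diagnose sniffer packet any 'host 192.0.2.10 and (port 389 or port 636)' 4 0 l
```

If the capture shows the request leaving from a different source IP (for example the ha-mgmt interface address) than the one that works, that address must be permitted on the LDAP server side; no packets at all points at routing from that interface instead.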