Support Forum
T2P

LDAP interfaces used in GUI and CLI are not the same

Hi,

I'm new to FortiGate, and we have deployed an AWS EC2 FortiGate NGFW v7.0.0 build0066 in one of the AWS regions.

We want to allow internet access to users through their Active Directory accounts/groups.

And we're testing LDAP as a possible solution.

The firewall is configured in split-VDOM (Root and FG-Traffic).

Creation of the LDAP server in the console was successful. Testing of the user and credentials is okay.

And the directory tree was displayed when browsed.

But when we closed and saved the LDAP creation window and accessed it again, the LDAP test failed with an error of lda_-3 or Invalid LDAP server. The same thing happens if we repeat the same steps to create a new LDAP server in the console.

In our troubleshooting, we found out that the console or GUI uses the Management interface to communicate with the AD server, while in the CLI the interface used was the one we set in "set source-ip xxx.xxx.xxx.xxx". Testing in the CLI seems consistently successful.

It seems the "set source-ip" is not being used by the console/GUI.

How do we make the LDAP GUI use the same IP we set in "set source-ip ..." in the CLI?

Please help.

Thanks and regards,


Tony

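Added example, not from the original post or from Fortinet: the CLI form of an LDAP server object that pins the outbound source address, followed by the checks a practitioner would run to see which address each path (GUI test versus CLI test) actually uses. The VDOM name FG-Traffic comes from the post; the object name AD-LDAP, the addresses 10.0.10.20 and 10.0.20.5, the domain example.local, the bind account, the test user and the CA certificate name AD-Root-CA are assumed placeholders.

```fortios
# Added example, not the poster's config. Assumed values: VDOM FG-Traffic (from the
# post), LDAP object "AD-LDAP", AD server 10.0.10.20, source address 10.0.20.5
# (an interface that lives in FG-Traffic), domain example.local, CA "AD-Root-CA".
config vdom
    edit FG-Traffic
        config user ldap
            edit "AD-LDAP"
                set server "10.0.10.20"
                set cnid "sAMAccountName"
                set dn "dc=example,dc=local"
                set type regular
                set username "cn=svc-fortigate,ou=Service Accounts,dc=example,dc=local"
                set password "********"
                # Bind over LDAPS and validate the AD server certificate rather than
                # sending the bind credentials in the clear on 389
                set secure ldaps
                set port 636
                set ca-cert "AD-Root-CA"
                # Pin the source address of LDAP queries to an interface in this VDOM
                set source-ip 10.0.20.5
            next
        end
    next
end

# Check 1: bind from the CLI, the path the post found to work. The command runs
# in the VDOM you have entered.
config vdom
    edit FG-Traffic
        diagnose test authserver ldap AD-LDAP testuser "Password1"

# Check 2: capture traffic to the AD server while clicking "Test Connectivity"
# in the GUI and again while running Check 1. Verbosity 4 prints the egress
# interface and the source address, which is exactly what the post says differs.
        diagnose sniffer packet any "host 10.0.10.20 and port 636" 4

# Check 3: the authentication daemon's own view of the connection attempt
        diagnose debug application fnbamd -1
        diagnose debug enable
        # ... repeat the GUI test and the CLI test, read the output, then
        diagnose debug disable
        diagnose debug reset
```

The sniffer output is the authoritative check: if the GUI test leaves from the management interface and the CLI test leaves from 10.0.20.5, you have confirmed the observation in the post rather than guessing from the error string. Whatever address ends up as the source, the firewall policy Hemin asks about must permit TCP 636 (or 389 if not using LDAPS) from that interface to the AD server, and the fnbamd debug should be disabled again once you have what you need, as it is very verbose.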
Hemin88

Hi @T2P 

Could you please share your config?
Also, the firewall rule that allows comms with the AD.

Thanks 
Hemin

IP Network Engineer
dingjerry_FTNT

Hi @T2P,

Do you have HA enabled for your FGT? If yes, please share your HA configuration.

show sys ha

Regards,

Jerry