Hi,
We have been running different VDOMs to handle different SSLVPNs for some customers, with LDAP to their own AD.
We would like to get rid of these VDOMs and use one VDOM for all customers, but with different portals.
There are two drawbacks with this that I'm aware of: one is that you can't have different domain suffixes, and the other is the separation of, in our case, LDAP servers.
We can live with the domain suffix "issue", but is it possible to filter which LDAP server will be used based on the username? For example, if we would use firstname@domain1.com it would use LDAPServer1, and if the username is firstname@domain2.com, use LDAPServer2? I haven't seen this possibility, but without it we can't change the design, since the customers' LDAP servers will log and try the credentials for the "wrong domain".
Best Regards
Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden
robin.svanberg@ethersec.se
Hi Robin,
I understand the problem, and without testing, I think you can make it work if you use "Realms".
You have:
Customer1
Customer2
Customer1:
They would login with https://your_fqdn.com/Customer1
Customer2:
They would login with https://your_fqdn.com/Customer2
You can use different groups for different realms, so you would use the login URL to separate the different customers.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Selective wrote:
Hi Robin,
I understand the problem, and without testing, I think you can make it work if you use "Realms".
You have:
Customer1
Customer2
Customer1:
They would login with https://your_fqdn.com/Customer1
Customer2:
They would login with https://your_fqdn.com/Customer2
You can use different groups for different realms, so you would use the login URL to separate the different customers.
Wasn't aware of that feature, looks good. Best option would have been the filter based on username/mail address, but realms was not that bad :) Thanks!
You don't know any solution to use different domain suffixes based on realms or portals?
Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden
robin.svanberg@ethersec.se
Unfortunately, you cannot set a DNS suffix per portal.
I actually requested that a long time ago, but it's not implemented yet.
With that said,
you can add more DNS suffixes to the configuration like this:
set dns-suffix "customer1.org customer2.se customer3.com"
Key length is 255 characters; domains must be separated with a space.
Downside is that all customers will have all suffixes when they are connected.
BUT, if the computer is a member of the Active Directory domain, the DNS suffix would not be needed, as the computer adds the suffix by itself.
And you can add different DNS servers per portal, so maybe you can work around it?
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
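A sketch of the realm approach and the DNS settings discussed in this thread, added here as an example and not taken from any poster's configuration: each realm's authentication rule references only the user group backed by that customer's LDAP server. It assumes the `authentication-rule` syntax of FortiOS 5.2 and later and that the LDAP server objects LDAPServer1 and LDAPServer2 already exist; group names, portal names and DNS addresses are constructed placeholders, and other portal settings are omitted.

```fortios
# Constructed example: names and addresses are placeholders.
# One user group per customer, each backed by that customer's LDAP server only.
config user group
    edit "Customer1-VPN"
        set member "LDAPServer1"
    next
    edit "Customer2-VPN"
        set member "LDAPServer2"
    next
end
# One realm per customer; the realm name becomes the login URL path.
config vpn ssl web realm
    edit "Customer1"
    next
    edit "Customer2"
    next
end
# Per-portal DNS servers (remaining portal settings omitted).
config vpn ssl web portal
    edit "Customer1-portal"
        set dns-server1 192.0.2.10
    next
    edit "Customer2-portal"
        set dns-server1 198.51.100.10
    next
end
config vpn ssl settings
    # Global suffix list, space separated, shared by all portals.
    set dns-suffix "customer1.org customer2.se"
    # Bind realm -> group -> portal; no rule lists both customers' groups.
    config authentication-rule
        edit 1
            set groups "Customer1-VPN"
            set portal "Customer1-portal"
            set realm "Customer1"
        next
        edit 2
            set groups "Customer2-VPN"
            set portal "Customer2-portal"
            set realm "Customer2"
        next
    end
end
```

After applying a layout like this, a failed test login at each realm URL should show up only in that customer's LDAP server log. Also check that no default-realm rule or portal mapping still references both groups.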