Hi Guys,
Is anyone using the communication between Fortigate and LDAP over SSL. I would like to move the configuration from default to SSL so that there is secure communication between the components. Please suggest if there will be any downtime in moving the configuration which I want to achieve?
Thanks in advance!
Regards,
Sandeep Jha
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
IF the config is done right then there is NO downtime at all. LDAP server can be set to LDAPs already, communication in both LDAP and LDAPs. And then just set certs and LDAPs on FGT side.
As I said, if done properly it will start to work instantly.
Best regards, Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Great!
Thanks for quick response Tomas!!! Appreciate it
I will do the configuration..
Regards,
Sandeep Jha
Hi Tomas,
I was doing this in my lab but having issues setting it up. Do you have any idea where to import the certificate (downloaded from Fortigate) in LDAP server to make this working?
Please note that I am using Windows 2008 Server as LDAP server.
Thanks,
Sandeep Jha
Hello Friends,
Have anyone configured the secure LDAP in Fortigate? If yes, can you please confirm if below procedure is right-
1. Tick the LDAPS option in GUI (over port 636)
2. Select the Fortinet CA certificate and select OK.
3. Import the Fortinet CA certificate in trusted root certificate at LDAP Server.
4. Test the connection between LDAP server and Fortigate using SSL.
I am not that good at certificate management, so please confirm if this is fine?
Thanks,
Sandeep Jha
Hi,
You have to make sure your ldap server have enabled ldaps, normally enabling ldaps requires certificate that mean you must have CA. In this point very important thing is CA's certificate, you have to export this certificate from your CA some case it built-in on your Ldap server then import this certificate to your FGT then configure ldaps on FGT with username password that have permission to query users on your LDAP server.
step to export CA's Certificate [link]https://support.microsoft.com/en-us/kb/555252[/link]
Thank you,
Piyanut
Thanks for the details. Do you have reference document on how to enable the LDAPS on the server?
Regards,
Sandeep Jha
Sorry for this. I never done it before on enable ldaps server but I done success connect FGT with ldaps server followed step I have posted. I suggest easy way to try checking port 636 enabled or not then try to export certificate follow step in below link,
https://support.microsoft.com/en-us/kb/555252
Regards,
Piyanut
No problem. Thanks for confirming the steps..I will ask Server managing guy to enable LDAPS and would import CA into Fortigate. :)
Thanks,
Sandeep Jha
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1557 | |
1033 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.