Fullmoon
Contributor III

LDAP best practices

Hi,

FML operation mode: Server and Gateway

Version: 6.4.5

Could someone enlighten me on what the best practices would be for working with the LDAP profile?

1. Under Recipient Policy I can apply an LDAP profile in both directions (Inbound and Outbound).

In my own understanding, applying an LDAP profile to my outbound policy makes sure that only authenticated LDAP users are allowed to send emails to external domains.

What would be the effect if I also apply an LDAP profile for Inbound?

2. Under IP Policy there is an option to apply an LDAP profile as well. In terms of hierarchy, which policy will take action if both the IP policy and the Recipient policy have an LDAP profile?

I would appreciate it if anyone could share his/her thoughts regarding this.

Thanks

Fortigate Newbie

vivek101
New Contributor II

Hi,

Here are some guidelines to follow when dealing with the LDAP profile in FML operation mode Server and Gateway:

1. When an LDAP profile is applied to the outbound policy, it guarantees that only LDAP users who have been granted authentication may send emails to external domains. If the LDAP profile is also applied to the inbound policy, only authorized LDAP users can receive emails from external domains. Limiting inbound emails to users who have been validated adds another degree of protection.

2. The hierarchy determines which policy takes effect if both the IP policy and the Recipient policy have LDAP profiles applied. The IP policy usually prevails over the Recipient policy. Therefore, if the IP policy has an LDAP profile applied, it will be implemented regardless of the LDAP profile applied in the Recipient policy.

Hope my answer is relatable.

Vivek Garg