Support Forum
Amin_meh
New Contributor

LDAP problem

I have two VDOMs: one VDOM is policy based and connects to the server and client, the other VDOM is profile based and connects to the WAN.

When I configure the LDAP server in the WAN VDOM, I have a problem and it doesn't work.

I checked and have access between the WAN VDOM and the DC (in the Server VDOM).

Love Forti
Toshi_Esumi
Esteemed Contributor III

Not sure what you meant by policy based and profile based VDOMs. But I'm assuming it's about how to apply UTM/UTP.

And, I'm also assuming it's a routing issue between two VDOMs and if you are in the WAN VDOM you can't even ping the LDAP server. How are you routing between two VDOMs to connect WAN and servers? Static routes over a vdom-link or npu-vlink?

 

Toshi

Amin_meh

I used a vdom-link and use a static route; I have ping.

Love Forti
Toshi_Esumi
Esteemed Contributor III

Do you have static routes, one from WAN vdom to server vdom for the server subnet, and a default route from server vdom toward WAN vdom?

Amin_meh

yes

 

Love Forti
Toshi_Esumi
Esteemed Contributor III

Of course you also have sets of policies to allow traffic from/to vdom-link to/from the server interface at least in the server vdom, right?
Then, the ldap server should be reachable from the WAN vdom. Can you ping the server IP from the WAN vdom in CLI? Or can't? If can't, what do you see in traceroute "exe traceroute [server_ip]" from the WAN vdom?

Amin_meh

yes

Love Forti
Toshi_Esumi
Esteemed Contributor III

You seem to be a person of few words. I asked multiple questions then your answer was only one 'yes'. Which one is yes then? Have a proper set of policies or the server is pingable from WAN vdom? Or 'yes' and 'yes', you meant? If not what's in the traceroute?
