Hello, for a customer I have configured Kerberos authentication over
explicit proxy. When the customer is in the LAN, Kerberos authentication
works fine, the user and the AD group membership are recognized by the
FortiGate. When the user is working ove...
Hi, I have configured Kerberos authentication against Windows AD with
explicit proxy yesterday and it works fine. I have moved a user from an
AD group to another AD group today, but the FortiGate firewall still
does not recognize the change of the AD ...
Hello, I have to convert a Checkpoint to a FortiGate firewall. I use the
new converter 5.5.0 Build0430. I have received an objectsC file from the
Checkpoint firewall administrator. It is in a text format (not binary).
When uploading the objects.file ...
I am looking for this option in the CLI in version 5.6.2. I can't
find it. I tried to restrict the access in the firewall policy to one
specific source IP address, but it doesn't work. config vpn ssl settings
config authentication-rule edit 1 set...
Hello together, I have configured a FortiGate-30D with PPPoE on the WAN
interface. The PPP dial-in doesn't work. In the attached trace I only
see that the peer is terminating my session after checking the login
credentials. As modem I use a dlink rout...
I have upgraded from 6.4.6 to 6.4.7 and the local FSSO connectors are up
now. But the FortiGate still cannot read the event logs and I don't
see any authenticated users on the FortiGate. I see this error: smbcd:
rpc_cmd_eventlog_read:944 init=0, e...
I have found the solution on Google: Turns out that this was a problem
with Windows Kerberos using UDP. There was a registry hack we had to
make on all systems that forced Kerberos to use TCP. This corrected the
issue. Please check MS tech note Q244...
Hi, Fortinet Support told me today to upgrade to 6.0.x because in 5.6
there is no way to set a hard timeout for the proxy with Kerberos. There
are new commands introduced in 6.0 that should help you with your
issue: config system global set proxy-auth-...
Hi, thank you for your reply. I have configured authentication hard
timeout for the user and for the user groups and have set the command
'set ip-based disable', but the FortiGate still doesn't recognize
AD group membership change within 60 minutes....