FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vrajendran
Staff
Staff

Description
This article is a brief discussion of the advantages and disadvantages of using Standard versus Advanced Windows Directory Access Methods on the Collector Agent.
Solution
The main difference between Standard and Advanced mode is the naming convention for identifying groups.

Standard mode:- uses the regular Windows convention: Domain\Username
Advanced mode:- uses LDAP: CN=User, OU=Name, DC=Domain

If there is no special requirement to use LDAP Fortinet recommend a setup of FSSO in Standard mode.  This mode is easier to setup, has less configuration, and is usually easier to maintain and troubleshoot.

Standard mode will provide same level of functionality as Advanced mode except for:

Users have to create Group filters from Collector agent and not from FortiGate as with Advanced mode.   This should not be a constraint and Fortinet strongly encourages users to create filters from CA.

Advanced mode supports nested groups.  This means that users may be a member of multiple monitored groups.  Standard mode does not support nested groups so a user must be a direct member of the group being monitored.

 

Related Articles

Technical Note : FSAE Troubleshooting Guide

Contributors