To simplify the process and centralize the authentication, I decided to use Windows 2008 AD as LDAP server and setup LDAP authentication on three fortigate to reduce the management process.
On Windows 2008:
1. Create a group on AD for SSL VPN clients. (SSLVPN Group)
2. Create an account on AD and as a member of "SSLVPN Group"
On Fortigate:
3. User -> Remote, on LDAP tab, click "Create New" icon.
4. Fill in the information. (See below for example)
- Name: SSLVPN Client
- Server Name/IP: 192.168.2.2
- Server Port: 389 (default)
- Common Name Identifier: sAMAccountName (Can select one of AD account attributes.
ex: cn or userPrincipalName)
- Distinguished Name:
ex1: ou=TPE,dc=ppp,dc=corp (User account need to belong to "TPE" ou for authentication.
the account in other ou or container (no matter parent or syb) will not be allowed.
ex2: dc=ppp,dc=corp (user can belong to any ou or container under domain for authenticationThis method can work with group restrict to manage account. Please refer Note below.)
- Bind Type: Regular
- Filter: (&(objectcategory=group)(member=*)) <-- this is default value
- User DN: cn=user1,ou=users,ou=tpe,dc=ppp,dc=corp (For AD authentication to get
the AD information)
- Password: password
- Secure Connection: not selected
Note:
Because we need to have a group to restrict the user account on SSL VPN accessing.
We need to add one more setting on Fortigate through CLI.
TPE-FW #config user ldap
TPE-FW (ldap) #edit "SSLVPN"
TPE-FW (SSLVPN) #set group "cn=SSLVPN Group,ou=Permission_Group,ou=TPE,dc=ppp,dc=corp"
end
Refer the document:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=13141&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=1326745&stateId=0%200%201324960
Good manual.Thanks.
ReplyDeletetop10-bestvpn.com
This comment has been removed by the author.
ReplyDeleteThank you.Nice installation guide for VPN client.
ReplyDeleteCool configuration for server.
It works fine.
10webhostingservice
Please share more like that. private internet access review
ReplyDeleteThanks for your post. I’ve been thinking about writing a very comparable post over the last couple of weeks, I’ll probably keep it short and sweet and link to this instead if thats cool. Thanks. Cheap VPN
ReplyDeleteIt's a very easy on the eyes which makes it much more enjoyable for me to come here and visit more often. Did you hire out a designer to create your theme? Fantastic work!
ReplyDeletehttps://bestcheapvpn.com/hidemyass-vpn-review-comparison/
This comment has been removed by the author.
ReplyDeleteE-enlistment has gone far since its begin. Presently these locales have gone worldwide. gizlilikveguvenlik.com
ReplyDeleteWhen you've contemplated this you will have limited on the kind of administration you need your VPN seller to give. Perusing solid VPN audits can likewise support you pinpoint reasonable competitors. free vpn service
ReplyDeleteWhen you've contemplated this you will have limited on the kind of administration you need your VPN seller to give. Perusing solid VPN audits can likewise support you pinpoint reasonable competitors. free vpn service
ReplyDeleteIdiotic and additionally trusting people at the same time can be an obstacle, on aged and also fully grown folk assembled also will follow a complication. Age and also embryonic concern together. bezoek website
ReplyDeleteIn numerous ventures, the geographic appropriation of work is evolving altogether. gizlilikveguvenlik.com
ReplyDeleteI truly awed after read this in light of some quality work and educational contemplations . I just wanna express profound gratitude for the essayist and want you to enjoy all that life has to offer for coming!. meer informatie
ReplyDeleteThis blog was extremely helpful. I really appreciate your kindness in sharing this with me and everyone else! internetet securite website
ReplyDeleteI'm constantly searching on the internet for posts that will help me. Too much is clearly to learn about this. I believe you created good quality items in Functions also. Keep working, congrats! privacyonline
ReplyDeleteThank you for taking the time to publish this information very useful! nord vpn free trial
ReplyDeleteThis software collects all your email addresses from web pages and daily keywords using the HTTP & HTTPS protocols.Atomic Email Hunter 15.20.0.485 Crack + License Key
ReplyDeleteFree online Excel converter to convert your excel files on the go. Upload your Excel (xls, xlsx) and Open Office tables and get the new file type in seconds .CoolUtils Total Excel Converter Crack
ReplyDeleteThe God words are very inspiring and motivating and one can get hope on reading them. Especially on the occasion of the New Year, it is .
ReplyDeleteEncouraging Bible Verses For Students
In January 2017, Pedro Grendene Bartelle received $3.5million enjoying in} French roulette at Hotel Conrad, Punta del Este, Uruguay. Pedro staked most of his chips on no 32, and his technique and luck turned his $350 into $3.5 million. While roulette strategies can't guarantee a win on each hand, they 텐벳 can help you win extra money. In most instances, combining what you already find out about roulette with these strategies will provide you with|provides you with} the most effective results. No matter what approach you choose, your ultimate objective ought to at all times be to have fun. This method, at the end of the evening, you at all times stroll out, having loved your self each time.
ReplyDelete