Fortinet Fortinet 1.5, Technical Note

Page: 11 / 20

Using FSAE on your network Configuring FSAE on Windows AD
Fortinet Server Authentication Extension Version 1.5 Technical Note
01-30005-0373-20071001
11
Configuring the Global Ignore List
The Global Ignore List excludes users such as system accounts that do not authenticate to
any FortiGate unit. The logons of these users are not reported to FortiGate units.
To configure the Global Ignore List
1 From the Start menu select Programs > Fortinet >
Fortinet Server Authentication Extension > Configure FSAE .
2 Select Global Ignore List.
3 Expand each domain and select the users to ignore.
4 Select Save.
Configuring FortiGate group filters
FortiGate filters control the user logon information sent to each FortiGate unit. You
need to configure the list so that each FortiGate unit receives user logon
information for the user groups that are named in its firewall policies.
The filter list is initially empty. You need to configure filters for your FortiGate units
using the Add function. At minimum, you can create a default filter that applies to
all FortiGate units that do not have a specific filter defined for them.
Password Enter the password that FortiGate units must use to
authenticate. The maximum password length is 16
characters. The default password is “fortinetcanada”.
Timers
Workstation verify interval Enter the interval in minutes at which FSAE checks
whether the user is still logged in. The default is every
5 minutes.
If ports 139 or 445 cannot be opened on your
network, set the interval to 0 to disable the check.
See
“Configuring TCP ports” on page 13 .
Dead entry timeout interval Enter the interval in minutes after which FSAE purges
information for user logons that it cannot verify. The
default is 480 minutes (8 hours).
Dead entries usually occur because the computer is
unreachable (in standby mode or disconnected, for
example) but the user has not logged off.
You can also disable dead entry checking by setting
the interval to 0.
IP address change verify
interval FSAE periodically checks the IP addresses of logged-
in users and updates the FortiGate unit when user IP
addresses change. This does not apply to users
authenticated through NTLM. Enter the verification
interval in seconds. IP address verification prevents
users from being locked out if they change IP
addresses. You can enter 0 to disable the IP address
check if you use static IP addresses.
Save & Close Save the modified settings and exit.
Apply Apply changes now.
Default Change all settings to the default values.
Help View the online Help.
Note: To view the version and build number information for your FSAE configuration, click
the Fortinet icon in the upper left corner of the Fortinet Collector Agent Configuration screen
and select “About FSAE configuration”.