Fortinet Fortinet 1.5, Техническая заметка

Страница: 5 / 20

Using FSAE on your network FSAE overview
Fortinet Server Authentication Extension Version 1.5 Technical Note
01-30005-0373-20071001
5
Using FSAE on your network
The Fortinet Server Authentication Extension (FSAE) provides seamless
authentication of Microsoft Windows Active Directory users on FortiGate units.
This chapter describes how to install and configure FSAE on your Microsoft
Windows network and how to configure your FortiGate unit to authenticate users
using FSAE.
The following topics are included in this chapter:
• FSAE overview
• Installing FSAE on your network
• Configuring FSAE on Windows AD
• Configuring FSAE on FortiGate units
• Testing the configuration
• NTLM authentication
FSAE overview
On a Microsoft Windows network, users authenticate at logon. It would be
inconvenient if users then had to enter another user name and password for
network access through the FortiGate unit. FSAE provides authentication
information to the FortiGate unit so that users automatically get access to
permitted resources.
FortiGate units control access to resources based on user groups. Through
FSAE, the Windows Active Directory (AD) groups are known to the FortiGate unit
and you can include them as members of FortiGate user groups.
There are two mechanisms for passing user authentication information to the
FortiGate unit:
• FSAE software installed on a domain controller monitors user logons and
sends the required information directly to the FortiGate unit
• using the NTLM protocol, the FortiGate unit requests information from the
Windows network to verify user authentication. This is used where it is not
possible to install FSAE on the domain controller. The user must use the
Internet Explorer (IE) browser.
FSAE has two components that you must install on your network:
• The domain controller (DC) agent must be installed on every domain controller
to monitor user logons and send information about them to the collector agent.
• The collector agent must be installed on at least one domain controller to send
the information received from the DC agents to the FortiGate unit.