Task: Continuing the Basic setup, we want to protect access to some pages, namely the root document "/" and "/treasure", with a username and password.

For this we want 2 kinds of users: local, created on the FortiWeb, and remote, residing in the Active Directory of the company. Even though it is insecure (the password is sent in clear text), we will use Basic HTTP Authentication for now because in the next episode we will enable HTTPS protocol.

NOTE: Fortinet calls it "authentication offloading", meaning it is to be used for a web site that does not have its own authentication.

Let's create local user "Joe Doe" with username joedoe.

Additionally (not shown here), I create user "John Silver" with account johns to be allowed access to the /treasure part of the website.

Create Remote Authentication Server to authenticate AD users.

FortiWeb can work with an AD/LDAP server over the clear text LDAP protocol, which sends usernames/passwords in CLEAR TEXT and is therefore not recommended. It can also communicate securely using either the STARTTLS or the LDAPS protocol. STARTTLS (port 389, encryption built-in) is newer, but LDAP functionality is the same as with LDAPS (port 636, usual LDAP protocol wrapped in SSL).

For encrypted communication to work, FortiWeb has to have the SSL certificate of the AD Domain Controller against which it tries to authenticate users. So the first step is to import the AD DC certificate into FortiWeb. I will be using local/file importing of AD-CA-cert.cer. Here, after importing AD-CA-cert.cer, FortiWeb renamed it to CA_Cert_1.

Now we can create and configure the Remote Server: User -> Remote Server -> LDAP Server -> Create New.

192.168.13.82 - Active Directory Domain Controller.

cn - Common Name Identifier.