Module Objectives
[Diagram: Directory Services server; Windows Active Directory and Novell eDirectory; labels: Kelly Miller, $d12*h1, classroom]
Directory Services Authentication
[Diagram: Windows Server and Windows Domain Controller; labels: Kelly Miller, $d12*h1, classroom]
Fortinet Single Sign On
• Detects logon event
• Records workstation name, domain and user
• Resolves workstation name to IP address
• Determines groups user belongs to
• Sends logon information to the FortiGate unit
• Creates a log entry on the FortiGate unit
• FSSO monitors which user is logged on
[Diagram: FSSO; Windows Server and Windows Domain Controller]
Fortinet Single Sign On Components
[Diagram: FSSO components: Collector Agent, DC Agent, Windows Server, Windows Domain Controller, User Logon Event]
Fortinet Single Sign On Domain Controller Agent Mode
[Diagram: Collector Agent, Windows Server, Windows Domain Controller, User Logon Event]
Fortinet Single Sign On Polling Mode
• Polling mode
  • Might not be as reliable since a poll might be missed under heavy system traffic
  • Only one component needs to be installed on one server
  • FSSO in a Novell eDirectory environment works similarly to polling
  • The eDirectory agent polls the eDirectory server for user logon information and forwards it to the FortiGate unit
• Domain Controller mode
  • An agent must be installed on every domain controller in the domain
  • Each domain controller connection requires a guaranteed 64 kbps bandwidth to ensure proper FSSO functionality
Fortinet Single Sign On Using NTLM Authentication
[Diagram: Collector Agent, Windows Server, Windows Domain Controller, User Logon Event, NTLM negotiation]