alliancekda.blogg.se

Fortinet vpn client associate domain name

FortiGate Remote Access (SSL-VPN) is a solution that is a lot easier to set up than on other firewall competitors. Here's how to set up remote access to a FortiGate firewall device, using the FortiClient software and Active Directory authentication.

Note: I've changed the FortiGate's default management HTTPS port from 443 to 4433 (before I started). This was to let me use the proper HTTPS port of 443 for remote access SSL VPN. I suggest you also do this, as running SSL-VPN over an 'odd' port may not work from some locations. See the following article: FortiGate: Change the HTTPS Management Port.

Certificate: I'm also using a self-signed certificate on the FortiGate; in a production environment you may want to purchase a publicly signed one!

Before we start, we need to make sure your firewall can resolve internal DNS. (This is because the Kerberos certificate name on your domain controller(s) gets checked when doing LDAPS queries; if you DON'T want to do this, then disable server identity check when you set up your LDAP server below.) Or you can add the IP address to the server's Kerberos certificate as a 'Subject Alternative Name', but that's a bit bobbins IMHO. Network > DNS > Specify > Add in your 'Internal' DNS servers > Apply.

To perform LDAPS, the FortiGate needs to trust the certificate(s) that our domain controller(s) use. To enable that, you need a copy of the CA certificate for the CA that issued them.










