Networking When configuring your network, ensure that there is no ‘back door’ access to the protected network. For example, if there is a wireless access point, it must be appropriately protected with password and encryption. Be sure to also maintain an up-to-date network diagram which includes IP addressing, cabling, and network elements.   Routing configuration […]

Configuring FSSO Advanced Settings Depending on your network topologies and requirement, you may need to configure advanced settings in the FSSO Colloctor agent.To do so, from the Start menu, select Programs > Fortinet > Fortinet Single Sign-On Agent > Configure Fortinet Single Sign-On Agent, then from the Common Tasks section, select Advanced Settings.   This […]

Configuring FSSO with Novell networks You need to configure the eDirectory agent for it to communicate with eDirectory servers. You may have provided some of this information during installation. This section includes: Configuring the eDirectory agent Adding an eDirectory server Configuring a group filter   Configuring the eDirectory agent You need to configure the eDirectory […]

Configuring the FSSO TS agent for Citrix   The FSSO TS agent works with the same FSSO Collector agent that is used for integration with Windows Active Directory. Install the Collector agent first. Follow the Collector agent installation procedure in Collector agent installation on page 562.   Configuration steps include: Install the Fortinet Citrix FSSO […]

Security Profiles (AV, Web Filtering etc.) Infection can come from many sources and have many different effects. Because of this, there is no single means to effectively protect your network. Instead, you can best protect your network with the various UTM tools your FortiGate unit offers.   Firewall Be careful when disabling or deleting firewall […]

Chapter 5 – Best Practices Overview This FortiGate Best Practices document is a collection of guidelines to ensure the most secure and reliable operation of FortiGate units in a customer environment. It is updated periodically as new issues are identified.   General Considerations 1. For security purposes, NAT mode is preferred because all of the […]

RADIUS SSO example A common RADIUS SSO topology involves a medium sized company network of users connecting to the Internet through the FortiGate unit, and authenticating with a RADIUS server. RADIUS SSO authentication was selected because it is fast and relatively easy to configure. This section includes: Assumptions Topology Configuring RADIUS Configuring FortiGate regular and […]

Examples and Troubleshooting This chapter provides an example of a FortiGate unit providing authenticated access to the Internet for both Windows network users and local users. The following topics are included in this section: Firewall authentication example LDAP Dial-in using member-attribute example RADIUS SSO example Troubleshooting Firewall authentication example Example configuration Overview In this example, there […]