Chapter 3 Authentication for FortiOS 5.0 : Agent-based FSSO : Configuring FSSO on FortiGate units : Specifying your Collector agents or Novell eDirectory agents
  
Specifying your Collector agents or Novell eDirectory agents
You need to configure the FortiGate unit to access at least one Collector agent or Novell eDirectory agent. You can specify up to five servers on which you have installed a Collector or eDirectory agent. The FortiGate unit accesses these servers in the order that they appear in the list. If a server becomes unavailable, the next one in the list is tried.
To specify Collector agents - web-based manager
1. Go to User & Device > Authentication > Single Sign-On and select Create New.
2. In Type, select Fortinet Single-Sign-On Agent.
3. Enter a Name for the Windows AD server. This name appears in the list of Windows AD servers when you create user groups.
4. Enter the following information for each of up to five collector agents and select OK:
Agent IP/Name
    Enter the IP address or the name of the server where this agent is installed. Maximum name length is 63 characters.
    If the TCP port used for FSSO is not the default, 8000, you can change the setting in the CLI using the config user fsso command.
Password
    Enter the password for the Collector agent or eDirectory agent. For the Collector agent, this is required only if you configured the agent to require authenticated access.
5. For Novell eDirectory, or for Windows AD with the Collector agent in Advanced AD access mode:
a. Select the LDAP Server you configured previously. See “Configuring LDAP server access”.
b. In Users/Groups, select the Edit Users/Groups tab and then select the users or groups that you want to monitor. Select the View Users/Groups tab to check your selection.
6. Select OK.
To specify the FSSO Collector agent - CLI
In this example, the SSO server name is WinAD_1 and the LDAP server is ADserver.
config user fsso
    edit WinAD_1
        set ldap-server ADserver
        set password ENC G7GQV7NEqilCM9jKmVmJJFVvhQ2+wtNEe9T0iYA5Sa+EqT2J8zhOrbkJFDr0RmY3c4LaoXdsoBczA1dONmcGfthTxxwGsigzGpbJdC71spFlQYtj
        set server 10.11.101.160
        set port 8000
end
config user adgrp
    edit
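
The Python script below is an added example, not part of the Fortinet documentation. It parses a saved config user fsso block and lists the agent slots a reviewer should check against the settings described above: no password set, a port other than 8000, or a name longer than 63 characters. The sample configuration is constructed, and the server2/port2/password2 key names for additional agents are an assumption, since this page shows only the first slot.

```python
import re

MAX_NAME_LEN = 63     # page: maximum Agent IP/Name length
DEFAULT_PORT = 8000   # page: default FSSO TCP port
# Constructed sample, not from a real device; password is a placeholder.
SAMPLE = """\
config user fsso
    edit "WinAD_1"
        set ldap-server "ADserver"
        set server "10.11.101.160"
        set port 8000
        set password ENC PLACEHOLDER
        set server2 "10.11.101.161"
        set port2 8001
    next
end
"""

def parse_fsso(text):
    """Return {entry name: {key: value}} from the 'config user fsso' block."""
    entries, current, inside = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "config user fsso":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip().strip('"'), {})
        elif inside and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return entries

def agents(cfg):
    """List (slot, host, port, has_password) in slot order: server, server2, ..."""
    slots = sorted(k for k in cfg if re.fullmatch(r"server[2-5]?", k))
    return [(s, cfg[s], int(cfg.get("port" + s[6:], DEFAULT_PORT)),
             "password" + s[6:] in cfg) for s in slots]

def audit(entries):
    """Return (entry, slot, issue) tuples for a reviewer to look at."""
    findings = []
    for name, cfg in entries.items():
        for slot, host, port, has_pw in agents(cfg):
            issues = [("name-too-long", len(host) > MAX_NAME_LEN),
                      ("no-password", not has_pw),
                      ("non-default-port", port != DEFAULT_PORT)]
            findings += [(name, slot, i) for i, bad in issues if bad]
    return findings
```

A no-password finding is not necessarily a fault: the page states the password is required only when the Collector agent is configured to require authenticated access, so the finding marks agents whose access setting should be confirmed.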