This topic gives an example of configuring a local FSSO agent on the FortiGate. The agent actively polls Windows Security Event log entries on a Windows Domain Controller (DC) for user login information. The FSSO user groups can then be used in a firewall policy.
This method does not require any additional software components, and all the configuration can be done on the FortiGate.
- Configure an LDAP server on the FortiGate
- Configure a local FSSO polling connector
- Add the FSSO groups to a policy
Refer to Configuring an LDAP server. The connection must be successful before configuring the FSSO polling connector.
- Go to Security Fabric > External Connectors and click Create New.
- In the Endpoint/Identity section, select Poll Active Directory Server.
- Fill in the required information.
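The three steps above expressed as FortiOS CLI, added here as an illustration and not taken from the original page. Every name, address, DN and interface is a constructed placeholder; `svc-fsso` is assumed to be a dedicated account allowed to read the DC's Security event log, and the DC is assumed to serve LDAPS.

```fortios
# Constructed placeholder values throughout:
# ad-ldap, 192.0.2.10, example.com, svc-fsso, Staff group, port1/port2.
config user ldap
    edit "ad-ldap"
        set server "192.0.2.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "svc-fsso@example.com"
        set password <password>
        set secure ldaps
        set port 636
    next
end
# Local FSSO polling connector: polls the DC and references the LDAP server above.
config user fsso-polling
    edit 1
        set server "192.0.2.10"
        set default-domain "example.com"
        set user "svc-fsso"
        set password <password>
        set ldap-server "ad-ldap"
        config adgrp
            edit "CN=Staff,OU=Groups,DC=example,DC=com"
            next
        end
    next
end
# FSSO user group built from the polled AD group, then used in a policy.
config user group
    edit "fsso-staff"
        set group-type fsso-service
        set member "CN=Staff,OU=Groups,DC=example,DC=com"
    next
end
config firewall policy
    edit 0
        set name "staff-out"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set groups "fsso-staff"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

With `set groups` on the policy, only sessions from source addresses mapped to a polled logon of a member of the assumed group match it; other traffic falls through to later policies.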