In this video we create Firewall User Groups using LDAP for group members. We then test the active authentication using these groups.
Пікірлер: 3
@glennmagcawas5524 жыл бұрын
Is the concept/idea is the same as FSSO?
@satishsahu8044 жыл бұрын
Active to passive auth - Just a bit of difference . With Active auth , you are authenticating against the DC eveytime access is required , With FSSO you have passive authentication . DC validates the user and matches the group created on the firewall . Users no longer have to authenticate twice , once they log on the PC , DC sends a query back to Fortigate using ports 8000 and 8002 (can be changed ) along with DNS name of the user machine , group info etc . FSSO user sessions are active as long as the user is active on PC , Firewall auth sessions are limited and will expire triggering re-auth .