Fortinet Single Sign On

Presentation transcript:

Fortinet Single Sign On
Course 301 – Secured Network Deployment and IPSec VPN
01-4310-0301-RTOL-20110729

Module Objectives
By the end of this module participants will be able to:
- Describe how Windows login credentials can be used to authenticate users to the FortiGate device
- Configure Fortinet Single Sign On

Directory Services Authentication
- The user authenticates to Directory Services at logon (Windows Active Directory or Novell eDirectory)
- Authentication information is passed to the FortiGate unit
- The user automatically gets access to permitted resources without any further authentication operations
- Uses Fortinet Single Sign On (FSSO), previously known as Fortinet Server Authentication Extensions (FSAE)
Diagram labels: Directory Services Server, Windows Active Directory, Novell eDirectory, Kelly Miller, $d12*h1, classroom

Fortinet Single Sign On
- Detects logon event
- Records workstation name, domain and user
- Resolves workstation name to IP address
- Determines groups user belongs to
- Sends logon information to the FortiGate unit
- Creates a log entry on the FortiGate unit
FSSO monitors which user is logged on to which workstation and passes that information to the FortiGate unit.
When the user tries to access a network resource, the FortiGate unit selects the appropriate firewall policy. The user must belong to a permitted user group associated with that policy.
Diagram labels: FSSO, Windows Server, Windows Domain Controller, Kelly Miller, $d12*h1, classroom

Fortinet Single Sign On Components
Depending on the working mode chosen for monitoring user logon events, the following components may be installed:
- FSSO Collector Agent
- FSSO Domain Controller Agent
Two possible working modes:
- Domain Controller Agent mode
- Polling mode
Diagram labels: FSSO, DC Agent, Collector Agent, Windows Server, Windows Domain Controller

Fortinet Single Sign On Domain Controller Agent Mode
- In this mode, a Domain Controller Agent is installed on each domain controller to monitor user logon events
- A Collector Agent installed on a Windows Server receives the logon event information from the DC Agent and forwards it to the FortiGate unit
- The FortiGate unit determines access based on the user’s group membership and firewall policies for the destination
Diagram labels: Collector Agent, Windows Server, DC Agent, Windows Domain Controller, User Logon Event

Fortinet Single Sign On Polling Mode
- Polling mode does not require a Domain Controller Agent to be installed on each domain controller
- A Collector Agent installed on a Windows Server polls the domain controller for user logon information every few seconds and forwards it to the FortiGate unit
Diagram labels: Collector Agent, Windows Server, Windows Domain Controller, User Logon Event

Domain Controller Mode versus Polling Mode
Polling mode:
- Might not be as reliable since a poll might be missed under heavy system traffic
- Only one component needs to be installed on one server
- FSSO in a Novell eDirectory environment works similarly to polling
  - The eDirectory agent polls the eDirectory server for user logon information and forwards it to the FortiGate unit
Domain Controller mode:
- An agent must be installed on every domain controller in the domain
- Each domain controller connection requires a guaranteed 64 kbps bandwidth to ensure proper FSSO functionality
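
The logon-to-policy flow from the slides above, together with the missed-poll caveat of polling mode, as an added Python illustration (not Fortinet code and not part of the original presentation). Host names, addresses, groups and destinations are constructed, and the model assumes the FortiGate keeps the last logon record it received for each IP and does not model logoff handling.

```python
# Added illustration of the FSSO flow; a simplified model, not Fortinet code.
# Every name, address, group and destination below is constructed sample data.
from dataclasses import dataclass

DNS = {"WS-014": "10.0.1.14", "WS-022": "10.0.1.22"}       # workstation -> IP
GROUPS = {"kmiller": {"Sales"}, "jdoe": {"Engineering"}}   # user -> groups
POLICIES = {"crm.example.internal": {"Sales"},             # destination -> permitted groups
            "git.example.internal": {"Engineering"}}

@dataclass(frozen=True)
class Logon:
    user: str
    domain: str
    workstation: str

def collector_record(ev):
    """Collector Agent steps: resolve the workstation to an IP, look up groups."""
    ip = DNS.get(ev.workstation)
    if ip is None:          # name does not resolve: no usable record to send
        return None
    return {"ip": ip, "user": ev.user, "domain": ev.domain,
            "groups": GROUPS.get(ev.user, set())}

def build_table(events, seen):
    """FortiGate-side IP -> logon record table. seen[i] is False when the
    collector never saw event i (a missed poll). Assumption: the last record
    received for an IP stays in place; logoff detection is not modelled."""
    table = {}
    for ev, ok in zip(events, seen):
        rec = collector_record(ev) if ok else None
        if rec:
            table[rec["ip"]] = rec
    return table

def decide(table, src_ip, dst):
    """Allow only if the source IP maps to a user in a group permitted for dst."""
    rec = table.get(src_ip)
    user = rec["user"] if rec else None
    if rec and rec["groups"] & POLICIES.get(dst, set()):
        return ("allow", user)
    return ("deny", user)

# kmiller logs on to WS-014; later jdoe logs on to the same workstation.
EVENTS = [Logon("kmiller", "CLASSROOM", "WS-014"),
          Logon("jdoe", "CLASSROOM", "WS-014")]
dc_agent = build_table(EVENTS, [True, True])    # DC Agent mode: both events forwarded
polling = build_table(EVENTS, [True, False])    # polling mode: second logon missed
```

With the second logon missed, traffic from 10.0.1.14 is still evaluated as kmiller, so the policy decision follows the earlier user's groups rather than those of the user now at the workstation.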

Fortinet Single Sign On Using NTLM Authentication
- Fortinet Single Sign On can also provide NTLM authentication
- The FortiGate unit will initiate an NTLM negotiation with the client browser
- The FortiGate unit forwards the NTLM packets to the Collector Agent for processing
- The FortiGate unit determines access based on the user’s group membership and firewall policies for the destination
Diagram labels: Collector Agent, Windows Server, User Logon Event, Windows Domain Controller, NTLM negotiation

Labs
Lab - Directory Service Authentication
- Installing FSSO on the Windows server
- Configuring FSSO on the FortiGate unit
- Testing FSSO authentication
