Fortinet FSAE ユーザーズマニュアル

The Fortinet Server Authentication Extension (FSAE) provides seamless 
authentication of Microsoft Windows Active Directory users on FortiGate units. 
This chapter describes how to install and configure FSAE on your Microsoft 
Windows network and how to configure your FortiGate unit to authenticate users 
using FSAE. 

The following topics are included in this chapter:

•

•

•

•

•

•

On a Microsoft Windows network, users authenticate at logon. It would be 
inconvenient if users then had to enter another user name and password for 
network access through the FortiGate unit. FSAE provides authentication 
information to the FortiGate unit so that users automatically get access to 
permitted resources.

FortiGate units control access to resources based on user groups. Through 
FSAE, the Windows Active Directory (AD) groups are known to the FortiGate unit 
and you can include them as members of FortiGate user groups.

There are two mechanisms for passing user authentication information to the 
FortiGate unit:

•

FSAE software installed on a domain controller monitors user logons and 
sends the required information directly to the FortiGate unit

•

using the NTLM protocol, the FortiGate unit requests information from the 
Windows network to verify user authentication. This is used where it is not 
possible to install FSAE on the domain controller. The user must use the 
Internet Explorer (IE) browser.

FSAE has two components that you must install on your network:

•

The domain controller (DC) agent must be installed on every domain controller 
to monitor user logons and send information about them to the collector agent.

•

The collector agent must be installed on at least one domain controller to send 
the information received from the DC agents to the FortiGate unit.