HELP FILE

Fortinet VPN configuration for the LastPass Universal Proxy LDAP

    • Define the LDAP server profile:
      1. Log in to the Fortinet FortiGate SSL VPN administration portal.
      2. In the left navigation, go to User & Device > LDAP Servers.
      3. Click Create New.

        The Edit LDAP Server page appears.

      4. Enter the following information:

        Name: Enter a name for your LDAP server.
        Server/IP Name: Enter the LastPass Universal Proxy IP address.
        Server Port: Enter your port. The default is 389.
        Common Name Identifier: samAccountname
        Distinguished Name: Enter the distinguished name in the following format: DC=domain,DC=country_code.
          Important: Do not use a backslash in the Distinguished Name field.
        Bind Type: Regular
        Username: Enter the username in the following format: CN=Admin,CN=Users,DC=domain,DC=country_code.
          Important: This value must be the same as the distinguishedName field value in the Active Directory.
        Password: Enter the administrator password.

      5. Set the Remote Authentication Timeout. In the FortiGate command line interface, run the following commands:

        hostname # config system global
        hostname # set remoteauthtimeout 60
        hostname # end

      6. In the left navigation, go to User & Device > User Groups to create a user group and add the previously created server profile.

        1. In the New User Group area set the following:

          Name: Specify a name.
          Type: Firewall
          Members: Leave blank.

        2. In the Remote Groups area, click + Add and choose the previously configured LDAP server.
        3. Click OK.
      7. In the left navigation, go to VPN > SSL-VPN Settings to set the user group that will be used for authentication when a user tries to connect to the SSL-VPN service.
        1. In the Authentication/Portal Mapping group box, click Create New.
        2. Assign the previously created user group to the defined SSL-VPN portal.
        3. Click Apply.
      8. Click Test Connectivity to test your connection.
      9. Click Test User Credentials to test the credentials of an existing user account that will use this server for authentication.
      10. Click OK when finished.

        For more information on testing, see Testing the authentication with Fortinet VPN.

    Results: The Fortinet FortiGate SSL VPN has been configured. For more information about LDAP configuration, see the configuration tips and technical notes in the Fortinet knowledgebase.
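
The same settings expressed in the FortiOS command line, for keeping the configuration reviewable and repeatable. This is an added example, not part of the original help page. The object names (LastPass-UP, LastPass-VPN-Users), the address 192.0.2.10, the example.com domain, and the full-access portal name are placeholder assumptions. Exact syntax can differ between FortiOS versions.

```fortios
# Added example. All names, addresses and the domain are placeholders.

# Steps 1-4: LDAP server profile pointing at the LastPass Universal Proxy
config user ldap
    edit "LastPass-UP"
        set server "192.0.2.10"
        set port 389
        set cnid "samAccountname"
        # No backslash in the distinguished name
        set dn "DC=example,DC=com"
        set type regular
        # Must match the distinguishedName value in Active Directory
        set username "CN=Admin,CN=Users,DC=example,DC=com"
        set password <administrator_password>
    next
end

# Step 5: remote authentication timeout
config system global
    set remoteauthtimeout 60
end

# Step 6: firewall user group with the LDAP profile as its remote server
config user group
    edit "LastPass-VPN-Users"
        set group-type firewall
        set member "LastPass-UP"
    next
end

# Step 7: map the user group to an SSL-VPN portal
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "LastPass-VPN-Users"
            set portal "full-access"
        next
    end
end

# Step 9 equivalent: test an existing user's credentials against the profile
diagnose test authserver ldap LastPass-UP <username> <password>
```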