HELP FILE

Fortinet VPN configuration for the LastPass Universal Proxy LDAPS protocol

    When FortiOS version 6.4.0 or higher is used together with Amazon Corretto Java Runtime Environment version 8u272 or higher over the LDAPS protocol, the Universal Proxy will not work, because this combination enforces TLS version 1.3 between Fortinet and Universal Proxy, while Universal Proxy version 2.2.0 supports TLS version 1.2 only. For Universal Proxy version 2.2.0 to work with the LDAPS protocol, use one of the following workarounds:
    • In FortiOS, change the highest supported TLS version to 1.2.
    • Downgrade Amazon Corretto Java Runtime Environment 17 to a version prior to 8u272.
    • Define an LDAP server profile:
      1. Log in to the Fortinet FortiGate SSL VPN administration portal.
      2. In the left navigation, go to User & Device > LDAP Servers.
      3. Click Create New.

        The Edit LDAP Server page appears.

      4. Enter the following information:

        Name                      Enter a name for your LDAP server.
        Server/IP Name            Enter the LastPass Universal Proxy IP address.
        Server Port               Enter your port; the default is 636.
        Common Name Identifier    samAccountname
        Distinguished Name        Enter the distinguished name in the following format: DC=domain,DC=country_code.
                                  Important: Do not use a backslash in the Distinguished Name field.
        Bind Type                 Regular
        Secure Connection         Enable with the toggle button.
        Protocol                  LDAPS
        Certificate               Select the appropriate certificate.

      5. Set the Remote Authentication Timeout. In the FortiOS CLI, run the following commands (the prompt changes to show the configuration context you are in):

        hostname # config system global
        hostname (global) # set remoteauthtimeout 60
        hostname (global) # end

      6. Click Test Connectivity to test your connection.
      7. Click Test User Credentials to test an existing user's account credentials that will use this server for authentication.
      8. Click OK when finished.
    Results: The Fortinet FortiGate SSL VPN has been configured. For more information about LDAP configuration, see the configuration tips and technical notes in the Fortinet knowledgebase.
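The two things that most often go wrong in the procedure above are the TLS version mismatch described at the top and a malformed Distinguished Name. The following pre-flight script is an added example, not LastPass or Fortinet code: it probes the Universal Proxy's LDAPS listener pinned to TLS 1.2 and then TLS 1.3 to report which versions it actually offers, maps the result onto the workarounds listed above, and checks the base DN for the DC=domain,DC=country_code shape with no backslash. The proxy host name is a constructed placeholder, and the DN check assumes the base DN consists only of DC components, as the help text specifies.

```python
"""Pre-flight checks for the FortiGate -> LastPass Universal Proxy LDAPS profile.
Added example (not vendor code). Assumes the proxy listens on the profile's
Server Port (default 636) and that the base DN uses only DC= components.
"""
import socket
import ssl

VERSIONS = {
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def probe_tls(host: str, port: int, name: str, timeout: float = 5.0) -> bool:
    """True if the listener completes a handshake pinned to exactly one TLS version.
    Certificate verification is deliberately off: this answers "which protocol
    versions does the proxy offer", not "is the certificate trusted"."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() == name
    except (OSError, ssl.SSLError):
        # Connection refused, timeout, or handshake rejected for this version.
        return False


def assess(tls12_ok: bool, tls13_ok: bool) -> str:
    """Map the probe results onto the workarounds from the help text."""
    if tls13_ok:
        return "proxy offers TLS 1.3; no FortiOS TLS version cap is needed"
    if tls12_ok:
        return "proxy is TLS 1.2 only; cap FortiOS at TLS 1.2 or use a JRE prior to 8u272"
    return "no TLS handshake at all; check the port, certificate and proxy service"


def validate_dn(dn: str) -> bool:
    """Base DN must be comma-separated DC=value parts and contain no backslash."""
    if not dn or "\\" in dn:
        return False
    parts = [p.strip() for p in dn.split(",")]
    return all(p.upper().startswith("DC=") and len(p) > 3 for p in parts)


if __name__ == "__main__":
    host, port = "universal-proxy.example.internal", 636  # constructed placeholder
    ok12, ok13 = probe_tls(host, port, "TLSv1.2"), probe_tls(host, port, "TLSv1.3")
    print(f"TLS1.2={ok12} TLS1.3={ok13}: {assess(ok12, ok13)}")
    print("DN ok:", validate_dn("DC=example,DC=com"))
```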