Fortinet VPN configuration for the LastPass Universal Proxy LDAPS protocol
When using FortiOS version 6.4.0 or higher together with Amazon Corretto Java Runtime Environment version 8u272 or higher and the LDAPS protocol, the Universal Proxy will not work, because this combination enforces TLS version 1.3 between Fortinet and Universal Proxy. Universal Proxy version 2.2.0 supports TLS version 1.2 only. For Universal Proxy version 2.2.0 to work with the LDAPS protocol, use one of the following workarounds:
- In FortiOS, change the highest supported TLS version to 1.2.
- Downgrade Amazon Corretto Java Runtime Environment 17 to a version prior to 8u272.
Define an LDAP server profile:
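Before or after applying either workaround, it helps to confirm which TLS versions the Universal Proxy LDAPS listener actually accepts from the FortiGate's network, since a port that is closed, a port that speaks no TLS, and a listener that only offers TLS 1.3 all fail differently. The probe below is an added example and not LastPass or Fortinet code; the host name is a constructed placeholder, and it disables certificate verification only because it tests protocol versions, not trust.

```python
import socket
import ssl

# Constructed values (assumptions): replace with the Universal Proxy address
# and port entered in the FortiGate LDAP server profile.
PROXY_HOST = "universal-proxy.example.internal"
LDAPS_PORT = 636
TLS12 = ssl.TLSVersion.TLSv1_2
TLS13 = ssl.TLSVersion.TLSv1_3


def probe_tls_version(host, port, version, timeout=5.0):
    """One handshake pinned to exactly `version`.
    True: negotiated; False: TCP connected but the handshake was refused
    or aborted; None: no TCP connection at all (closed port, firewall)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = version
    ctx.maximum_version = version
    # Only the protocol version is under test, not the certificate chain,
    # so verification is off for this probe (never do this on the FortiGate).
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False
    finally:
        raw.close()


def diagnose(tls12, tls13):
    """Interpret the probes against the constraint on this page: Universal
    Proxy 2.2.0 speaks TLS 1.2 only, so TLS 1.2 must be accepted here."""
    if tls12 is None and tls13 is None:
        return "no TCP connection: check Server/IP Name, Server Port and firewall"
    if tls12:
        return "TLS 1.2 accepted: a FortiOS capped at TLS 1.2 can bind here"
    if tls13:
        return "TLS 1.3 only: a FortiOS capped at TLS 1.2 cannot bind to this listener"
    return "no TLS accepted: port is open but does not speak LDAPS"


def probe_listener(host=PROXY_HOST, port=LDAPS_PORT, timeout=5.0):
    """Run both probes; returns (tls12, tls13, diagnosis)."""
    tls12 = probe_tls_version(host, port, TLS12, timeout)
    tls13 = probe_tls_version(host, port, TLS13, timeout)
    return tls12, tls13, diagnose(tls12, tls13)
```

Run `probe_listener()` from a host with the same network path as the FortiGate; a result of `(True, False, ...)` matches a Universal Proxy 2.2.0 listener as this page describes it.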
- Log in to the Fortinet FortiGate SSL VPN administration portal.
- In the left navigation, go to .
- Click Create New.
The Edit LDAP Server page appears.
- Enter the following information:
  - Enter a name for your LDAP server.
  - Server/IP Name: enter the LastPass Universal Proxy IP address.
  - Server Port: enter your port; the default is 636.
  - Common Name Identifier
  - Distinguished Name: enter the distinguished name in the following format: DC=domain,DC=country_code.
    Important: Do not use a backslash in the Distinguished Name field.
  - Bind Type
  - Secure Connection: enable it with the toggle button, then select the appropriate certificate.
- Set the Remote Authentication Timeout by running the following commands on the FortiOS command line:
  hostname # config system global
  hostname # set remoteauthtimeout 60
  hostname # end
- Click Test Connectivity to test your connection.
- Click Test User Credentials to test an existing user's account credentials that will use this server for authentication.
- Click OK when finished.
Results: The Fortinet FortiGate SSL VPN has been configured. For more information about LDAP configuration, see the configuration tips and technical notes in the Fortinet knowledge base.