Fortinet Fortigate -Windows Server 2008 R2 Configuration

Joy

@StrongBad said:

How is it going today, @Joyfano?

Thank you for asking @StrongBad i haven't really tried to check day..
pretty busy over here.

I talked with my real boss and he told me that we should ask the provider to help us or if we need to attend training to fully utilize this router without being worried on how to integrate with AD.

Joy

@scottalanmiller said:

@Joyfano yup, we work hard to discuss your issues while you sleep!

Thanks.. i will read all the replies probably after lunch..
crossed finger

scottalanmiller

@Joyfano said:

I talked with my real boss and he told me that we should ask the provider to help us or if we need to attend training to fully utilize this router without being worried on how to integrate with AD.

Your boss is seriously confused, isn't he?

thanksajdotcom

@scottalanmiller said:

@Joyfano said:

I talked with my real boss and he told me that we should ask the provider to help us or if we need to attend training to fully utilize this router without being worried on how to integrate with AD.

Your boss is seriously confused, isn't he?

It sounds like it.

scottalanmiller

@ajstringham her manager can't even tell what an ISP doesn't or when things integrate or the basics of DNS. He's failing both at IT and at being a manager (knowing when to break things or when to let people do their jobs, who to trust with the network, etc.)

thanksajdotcom

@scottalanmiller said:

@ajstringham her manager can't even tell what an ISP doesn't or when things integrate or the basics of DNS. He's failing both at IT and at being a manager (knowing when to break things or when to let people do their jobs, who to trust with the network, etc.)

Today seems to be the day of failing managers.

Joy

Hello everyone Thank you to all.
I already resolve the problem.I changed the dns of fortigate to use the DNS of internal DNS server.
All of your replies are very much appreciated.
i watched some demos recommended by @Bill-Kindle as well as the replies of other IT folks from SW.
@scottalanmiller Thank you for pointing out that i don't need to use the DNS of ISP.

I learned a lot and since this stuff is new to me i thought before i need to use the LDAP but i just realized that i don't need to use it since that i already resolved the problem.

Joy

Another question..
Knowing that i don't have much ideas about Fortigate
as i mentioned before i thought the LDAP is the way to resolve our problem.

My question now is:
Is it useful if we use the LDAP SERVERS? or i don't need that stuff..
=we don't have VPN so basically users are internal.

scottalanmiller

You should not be looking at LDAP. Active Directory is LDAP. You don't want a second LDAP system.

scottalanmiller

I'm not even sure how LDAP would apply in this situation. What are you trying to do with it?

Joy

@scottalanmiller said:

I'm not even sure how LDAP would apply in this situation. What are you trying to do with it?

http://www.netid.washington.edu/documentation/ldapAuth.aspx
"LDAP Authentication

LDAP authentication is a loaded term which simply means to issue the LDAP BIND operation. Since the LDAP BIND operation is very flexible, this means there are a variety of forms this authentication might take. These forms include extremes such as:

cleartext passwords over the wire
no identifying name specified
choosing not to authenticate
authentication with a certificate
authentication using some custom method

as well as more traditional forms where a name (username) and password are used, and the password is encrypted on the wire or a private/public key algorithm used to protect the password.

Active Directory supports all the LDAP standard authentication mechanisms, as well as a few more, but many of these more extreme forms are not supported by UWWI, usually because they violate computing standards.

The LDAP standard introduces the various forms of authentication by first categorizing them as authentication methods, with various authentication mechanisms underlying each method. This document follows that organizational precedent."

I read it from here.
I guess @Bill-Kindle and @JaredBusch can help me to explain how does it work

scottalanmiller

I know what LDAP authentication is, we use it constantly. But it has nothing to do with DNS and doesn't relate to the issue that you have here. All you need to do here is not use the ISP for internal DNS. That's all. The ISP should have nothing to do with this. The internal DNS server has to handle your DNS needs. That's all. The simplest thing is actually the solution.

Joy

@scottalanmiller said:

I know what LDAP authentication is, we use it constantly. But it has nothing to do with DNS and doesn't relate to the issue that you have here. All you need to do here is not use the ISP for internal DNS. That's all. The ISP should have nothing to do with this. The internal DNS server has to handle your DNS needs. That's all. The simplest thing is actually the solution.

I guess yes. So i think problem solved now..
Hmmm but the other problem cannot be solved you know what i mean..