
LDAP Authentication via IPsec Tunnel

Created: 2024-Aug-05 01:01

Summary:

We have implemented a Sangfor firewall at one of our branches. The LDAP server is located at the head office and we created an IPsec tunnel between the Sangfor firewall and the head office. I want to authenticate users via LD ...


Farina Ahmed Posted 2024-Aug-06 17:45
First you need to configure the Sangfor firewall to communicate with the LDAP server at the head office. For this, make sure that the IPsec tunnel is active and secure. In the Sangfor firewall's administration interface, navigate to the authentication settings and specify the LDAP server's IP address, port, and required credentials. Map the necessary user groups and define authentication policies to enforce user authentication through the LDAP server. Apply proper access control lists (ACLs) to allow traffic between the Sangfor firewall and the LDAP server over the IPsec tunnel.
rani Posted 2024-Aug-05 20:46
Hi.
Using a Sangfor firewall at a branch office, you can use an LDAP server from your head office to authenticate users:
Step 1: Confirm that communication between the firewall and LDAP server is permitted and that the IPsec tunnel between the branch and head office is operational.
Step 2: Log in to the Sangfor firewall, select User Authentication, and enter the IP address, port number, Base DN, Admin DN, and password of the LDAP server. Verify the connection.
Step 3: Select LDAP as the authentication protocol and establish user- or group-based authentication policies.
Step 4: To make sure user authentication is functioning properly, save the settings and test it.
Step 5: Look for problems in the firewall logs and troubleshoot as necessary.


Enrico Vanzetto Posted 2024-Aug-05 14:29
Hi, when you’re working within a Sangfor environment, it’s a good idea to use Sangfor VPN for connecting your headquarters (HO) and branch. Here are the steps you should follow:

Ensure Reachability: First, make sure that the connection between your HO and branch is reachable. This ensures smooth communication.

Branch Policy: From the branch side, create a policy that allows specific services. In this case, limit it to only LDAP (ldaps) and DNS.

LDAP Configuration: Configure ldaps on the branch to connect to your ldaps server at the HO. You’ll need to input the IP address of your ldaps server (or domain name). Don’t forget to include the username/password for your Active Directory (AD) and specify the CN (Common Name) and DN (Distinguished Name).
vesogi7900 Posted 2024-Aug-05 12:57
To authenticate users via an LDAP server at your head office using a Sangfor firewall at a branch office:
Step 1. Verify that the IPsec tunnel between the branch and head office is active and allows traffic between the firewall and LDAP server.
Step 2. Access the Sangfor firewall, navigate to User Authentication settings, and add the LDAP server details (IP, port, Base DN, Admin DN, and password). Test the connection.
Step 3. Choose LDAP as the authentication method and create authentication policies based on users or groups.
Step 4. Save the configuration and test user authentication to ensure it works correctly.
Step 5. Check firewall logs for any issues and troubleshoot as needed.
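The "test the connection" step that rani and vesogi7900 both give as Step 2 is, on the wire, an LDAP simple bind with the Admin DN and password. The script below is an added example, not code from this thread or from Sangfor: it performs that same bind over LDAPS from a host on the branch side, so the tunnel path, the server certificate and the bind credentials can each be checked independently of the firewall UI before the LDAP server is entered there. The host name, DNs, password and the two sample BindResponse messages are constructed placeholders.

```python
import socket
import ssl

# --- Minimal BER/LDAP encoding for an RFC 4511 simple bind -------------------

def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """Wrap a payload in a tag-length-value triple."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(v: int) -> bytes:
    """INTEGER (tag 0x02) for a non-negative value; a leading 0x00 keeps it positive."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def build_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    bind_request = tlv(0x60,                                   # [APPLICATION 0] BindRequest
                       ber_int(3)                              # LDAP protocol version 3
                       + tlv(0x04, bind_dn.encode("utf-8"))    # name: the Admin DN
                       + tlv(0x80, password.encode("utf-8")))  # [0] simple password
    return tlv(0x30, ber_int(message_id) + bind_request)       # SEQUENCE LDAPMessage


# --- Decoding the BindResponse ----------------------------------------------

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV that starts at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


RESULT_NAMES = {0: "success", 8: "strongerAuthRequired", 32: "noSuchObject",
                34: "invalidDNSyntax", 49: "invalidCredentials", 53: "unwillingToPerform"}


def parse_bind_response(data: bytes):
    """Return (message_id, result_code, diagnostic_message) from one LDAPMessage."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = read_tlv(msg, 0)
    message_id = int.from_bytes(mid, "big", signed=True)
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                                            # [APPLICATION 1] BindResponse
        raise ValueError("protocolOp is not a BindResponse (tag 0x%02x)" % tag)
    _, rc, pos = read_tlv(op, 0)                               # ENUMERATED resultCode
    _, _matched_dn, pos = read_tlv(op, pos)                    # LDAPDN matchedDN (unused here)
    _, diag, _ = read_tlv(op, pos)                             # diagnosticMessage
    return message_id, int.from_bytes(rc, "big"), diag.decode("utf-8", "replace")


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("LDAP server closed the connection")
        buf += chunk
    return buf


def recv_ldap_message(sock) -> bytes:
    """Read exactly one BER-framed LDAPMessage, whatever TCP segmentation did to it."""
    head = _recv_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        extra = _recv_exact(sock, length & 0x7F)
        head, length = head + extra, int.from_bytes(extra, "big")
    return head + _recv_exact(sock, length)


# --- Live check across the tunnel -------------------------------------------

def ldaps_bind_check(host: str, port: int, bind_dn: str, password: str,
                     ca_file=None, timeout: float = 5.0):
    """Open an LDAPS session to the head-office server, attempt a simple bind, report the result.
    The default context verifies the certificate chain and hostname, so a self-signed or
    mismatched server certificate fails loudly here instead of being silently accepted."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_bind_request(1, bind_dn, password))
            _, code, diag = parse_bind_response(recv_ldap_message(tls))
    return code, RESULT_NAMES.get(code, "resultCode %d" % code), diag


# Constructed sample responses (not captured from any real server).
# messageID 1, resultCode 0 (success), empty matchedDN and diagnosticMessage, hand-encoded:
SAMPLE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
# messageID 2, resultCode 49 (invalidCredentials) with a diagnostic string:
SAMPLE_INVALID_CREDS = tlv(0x30, ber_int(2) + tlv(0x61, tlv(0x0A, b"\x31") + tlv(0x04, b"")
                                + tlv(0x04, b"invalid credentials (constructed sample)")))

if __name__ == "__main__":
    print(parse_bind_response(SAMPLE_SUCCESS))        # offline demonstration
    print(parse_bind_response(SAMPLE_INVALID_CREDS))
    # Against the real head-office server (placeholders, run from the branch LAN):
    # print(ldaps_bind_check("ldap.ho.example.invalid", 636,
    #                        "cn=svc-fw,dc=example,dc=com", "PASSWORD-PLACEHOLDER",
    #                        ca_file="head-office-ca.pem"))
```

Run from a branch-side host, the three failure classes the thread's Step 5 tells you to look for in the logs come apart cleanly: a socket timeout means the tunnel or the allow policy is not passing TCP/636, an `ssl.SSLError` means the head-office CA is not trusted for that name, and resultCode 49 means the tunnel is fine but the Admin DN or password is wrong. Pass the same CA file you will later load into the firewall's LDAPS setting so the check exercises the same trust path.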
ilham Posted 2024-Aug-05 10:56
While you are in a Sangfor environment,
it will be better to use Sangfor VPN for the connection between your HO & branch.

- ensure the connection between your HO and branch is reachable
- from the branch, make a policy that allows specific services (only LDAPS and DNS)
- on the branch, make the LDAPS configuration to your LDAPS server on HO (the IP address of your LDAPS server/domain name); also don't forget to input the username/password of your AD and the CN, DN