FortiGate
Hawada1
Staff
Article Id 196022

Description
This article describes how to configure explicit proxy and authenticate users using NTLM protocol.

Solution
1) Enable web proxy.

2) Add an LDAP server.

3) Configure the authentication scheme.

Create a new domain controller by selecting the '+ Create' tab.

Set the method to NTLM and, from the domain controller drop-down list, select the domain controller created in the prior step:

Alternatively, the CLI commands below configure the domain controller and the authentication scheme on the FortiGate:
# config user domain-controller
    edit "DC"
        set ip-address <LDAP-Server-IP>
        set port 445
        set domain-name "labdc.local"
        set ldap-server "LDAPSRV"
    next
end
# config authentication scheme
    edit "NTLMNEW"
        set method ntlm
        set domain-controller "DC"
        set fsso-guest disable
    next
end
4) Configure the authentication rule.

Set the protocol to HTTP, then select the NTLM method configured previously and disable IP-based authentication.

# config authentication rule
    edit "NTLMNEWRULE"
        set status enable
        set protocol http
        set srcaddr "VMware address"
        set ip-based disable
        set active-auth-method "NTLMNEW"
        set web-auth-cookie disable
        set comments ''
    next
end
5) Configure the 'User Group':
Set the type to Firewall, select 'Add' under Remote Groups, select the remote LDAP server and assign the user group that already exists on the domain controller.

6) Finally, configure the proxy policy as shown in the figure below:

7) Testing phase:
A pop-up window appears when the user tries to access a web page.

8) Using curl (<TARGET_URL> is a placeholder for the web page being requested through the proxy):
curl --proxy-ntlm --proxy-user Username:Password --proxy <PROXY_URL:PORT> <TARGET_URL>

Note:
If the user does not authenticate, no logs appear under the FortiGate 'User Events'.
However, if the browser is closed after NTLM authentication succeeds and the session is left idle for more than 5 minutes (the default proxy session timeout is 5 minutes), an 'authentication timed-out' entry appears under User Events.

# diagnose wad user list

ID: 1, VDOM: root, IPv4: 192.168.108.22
  user name   : aduser2
  worker      : 3
  duration    : 153
  auth_type   : Session
  auth_method    :  NTLM
  pol_id      : 1
  g_id        : 5
  user_based  : 0
  expire      : 248
  LAN:
    bytes_in=119053 bytes_out=1258224
  WAN:
    bytes_in=937468 bytes_out=80500
In prior FortiGate versions, auth_method is shown as a number:
auth_method = 2   <----- means the user was authenticated using the NTLM method.
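When verifying NTLM proxy authentication on several users, it helps to parse the `diagnose wad user list` output instead of reading it by eye. The Python script below is an added example, not part of the article or of any Fortinet tool: it parses the record format shown above into dictionaries, maps the legacy numeric value `2` to `NTLM` (the only mapping the article gives), converts the numeric fields, and lists NTLM sessions whose `expire` counter is about to run out. The sample output is constructed for the example; the first record mirrors the one shown above and the second is invented to exercise the numeric `auth_method` form.

```python
"""Parse the text output of `diagnose wad user list` (FortiGate explicit proxy)."""
import re
from typing import Dict, List, Optional

# Constructed sample output. Record 1 mirrors the article; record 2 is invented
# to show the older firmware form where auth_method is printed as a number.
SAMPLE_OUTPUT = """\
ID: 1, VDOM: root, IPv4: 192.168.108.22
  user name   : aduser2
  worker      : 3
  duration    : 153
  auth_type   : Session
  auth_method    :  NTLM
  pol_id      : 1
  g_id        : 5
  user_based  : 0
  expire      : 248
  LAN:
    bytes_in=119053 bytes_out=1258224
  WAN:
    bytes_in=937468 bytes_out=80500
ID: 2, VDOM: root, IPv4: 192.168.108.23
  user name   : aduser3
  worker      : 1
  duration    : 40
  auth_type   : Session
  auth_method    :  2
  pol_id      : 1
  g_id        : 5
  user_based  : 0
  expire      : 12
  LAN:
    bytes_in=100 bytes_out=200
  WAN:
    bytes_in=300 bytes_out=400
"""

# Older FortiGate builds print auth_method as a code; the article states that 2 means NTLM.
LEGACY_AUTH_METHOD = {"2": "NTLM"}

HEADER_RE = re.compile(r"^ID:\s*(\d+),\s*VDOM:\s*(\S+),\s*IPv4:\s*(\S+)\s*$")
KV_RE = re.compile(r"^\s+([\w ]+?)\s*:\s*(.*?)\s*$")
COUNTER_RE = re.compile(r"^\s+bytes_in=(\d+)\s+bytes_out=(\d+)\s*$")
INT_FIELDS = ("duration", "expire", "pol_id", "g_id", "user_based", "worker")


def parse_wad_user_list(text: str) -> List[Dict]:
    """Turn the diagnostic output into one dict per authenticated proxy user."""
    records: List[Dict] = []
    current: Optional[Dict] = None
    section: Optional[str] = None  # "LAN" or "WAN" while inside a byte-counter block
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:  # "ID: 1, VDOM: root, IPv4: ..." starts a new user record
            current = {"id": int(m.group(1)), "vdom": m.group(2), "ipv4": m.group(3)}
            records.append(current)
            section = None
            continue
        if current is None:
            continue
        m = COUNTER_RE.match(line)
        if m and section:  # "bytes_in=... bytes_out=..." belongs to the open LAN/WAN block
            current[section] = {"bytes_in": int(m.group(1)), "bytes_out": int(m.group(2))}
            continue
        m = KV_RE.match(line)
        if m:
            key, value = m.group(1).strip().replace(" ", "_"), m.group(2)
            if value == "" and key in ("LAN", "WAN"):
                section = key  # header of a byte-counter block
                continue
            section = None
            current[key] = value
    for rec in records:
        # Normalise so callers see "NTLM" whether the firmware printed a name or a code.
        method = rec.get("auth_method")
        rec["auth_method"] = LEGACY_AUTH_METHOD.get(method, method)
        for k in INT_FIELDS:
            if k in rec:
                rec[k] = int(rec[k])
    return records


def ntlm_sessions(records: List[Dict], expiring_within: Optional[int] = None) -> List[Dict]:
    """Return NTLM-authenticated sessions, optionally only those expiring within N seconds."""
    return [
        r for r in records
        if r.get("auth_method") == "NTLM"
        and (expiring_within is None or r.get("expire", 0) <= expiring_within)
    ]


if __name__ == "__main__":
    for r in parse_wad_user_list(SAMPLE_OUTPUT):
        print(f"{r['user_name']:10} {r['ipv4']:16} {r['auth_method']:5} expires in {r['expire']}s")
```

Feed it the real output with `parse_wad_user_list(open("wad_users.txt").read())`; `ntlm_sessions(records, expiring_within=60)` then gives the users who will hit the idle timeout described in the note above unless they send traffic soon.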

Related Articles

Technical note: WAD troubleshooting commands