[FortiGate 60D] Notification: Can't contact LDAP server

dzt0 · ‎04-29-2019

Dear all,

Please let me know why don't ping from FortiGate Router to Active Directory server? But ping from Active Directory server to FortiGate Router is OK. I trying to setup LDAP server but get the error: "Can't contact LDAP server". I tried it all. Suggest me the next step. What should I check from?

ede_pfau · ‎04-29-2019

Probably the source address for ping/LDAP is not correct.

Test with ping first.

exec ping-option source a.b.c.d

sets the FGT's source address to one of it's interfaces. You cannot choose an arbitrary address, that is.

In the CLI there is a "source-address" setting for LDAP as well, look in "config auth ldap".

Ede

"Kernel panic: Aiee, killing interrupt handler!"

xsilver_FTNT · ‎05-02-2019

Have you checked following ..

- routing on FGT, and all the way to LDAP .. any asymmetry or routing issue ?

- firewall on the way not allowing ICMP from FGT but allowing it from LDAP ?

- any firewall on LDAP/AD itself ?

- on FGT what's on packet capture .. any ingress of ICMP ?

- on FGT any local in policy preventing that ?

- on FGT what's in flow debug ?

I guess that some of those steps will give you a hint what's going on.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

dzt0 · ‎05-06-2019

I try ping-options, it works My Active Directory server is 10.0.1.1 I need to check the Source address on FGT, right? How to check it?

xsilver_FTNT · ‎05-07-2019

how about packet capture of the outgoing traffic?

for example: diag sniff pack any 'host 10.0.1.1 and icmp' 4 0 a