UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The FortiGate device must use LDAPS for the LDAP connection.


Overview

Finding ID Version Rule ID IA Controls Severity
V-234208 FGFW-ND-000245 SV-234208r628777_rule High
Description
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Network devices can accomplish this by making direct function calls to encryption modules or by leveraging operating system encryption capabilities.
STIG Date
Fortinet FortiGate Firewall NDM Security Technical Implementation Guide 2021-01-29

Details

Check Text ( C-37393r611811_chk )
Log in to the FortiGate GUI with Super-Admin privilege.

1. Open a CLI console, via SSH or available from the GUI.
2. Run the following command:
# show full-configuration user ldap | grep -i ldaps
The output should be:
set secure ldaps

If set secure is not set to ldaps, this is a finding.
Fix Text (F-37358r611812_fix)
Log in to the FortiGate GUI with Super-Admin privilege.

1. Open a CLI console, via SSH or available from the GUI.
2. Run the following command:
# config user ldap
# edit {ldap_server_name}
# set server {server_ip}
# set cnid {cn}
# set dn {dc=XYZ,dc=fortinet,dc=COM}
# set type regular
# set username {cn=Administrator,dc=XYA, dc=COM}
# set password {bind password}
# set secure ldaps
# set ca-cert {CA certificate name}
# next
# end