Using LDAP authentication

When you use LDAP authentication, the external directory server where user accounts are stored verifies the user credentials.

When a user authenticates to the NGFW Engine, the NGFW Engine sends the user name and password to the external directory server for verification. The external directory server checks the user name and password against the credentials stored for that user in the directory, then reports to the NGFW Engine whether authentication succeeded or failed.

Note: Because the user name and password are sent over the LDAP connection, we recommend using LDAPS or Start TLS when you use LDAP authentication.
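The exchange described above, as an added example that is not part of the NGFW documentation and not the product's own code: a minimal, standard-library-only encoder and decoder for the two LDAPv3 messages involved in password authentication, BindRequest and BindResponse as defined in RFC 4511, using the BER encoding LDAP mandates. The "directory server" side is reduced to a lookup in a constructed in-memory account table, and the DN and password are constructed sample values. Decoding the request shows what the note above is about: with the simple authentication choice, the password is carried as a plain octet string, so anything that can read the unprotected LDAP connection can read the credentials, which is why LDAPS or Start TLS is recommended.

```python
"""
Added example, not from the NGFW documentation: encode and decode the LDAPv3
BindRequest / BindResponse messages used for password authentication (RFC 4511,
sections 4.2 and 4.2.2), with the BER rules LDAP requires.  Assumptions: simple
(password) authentication only; sample DN, password and account table are
constructed for the example.
"""

SUCCESS = 0               # resultCode values from RFC 4511 Appendix A
INVALID_CREDENTIALS = 49


def _ber_length(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_length(len(payload)) + payload


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the element starting at buf[pos]."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def _encode_int(tag: int, value: int) -> bytes:
    """Non-negative INTEGER/ENUMERATED; a leading 0x00 keeps the sign bit clear."""
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big")
    return _tlv(tag, body)


def encode_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    bind = _tlv(0x60,                                   # [APPLICATION 0], constructed
                _encode_int(0x02, 3) +                  # version INTEGER 3
                _tlv(0x04, bind_dn.encode("utf-8")) +   # name LDAPDN
                _tlv(0x80, password.encode("utf-8")))   # authentication [0] simple
    return _tlv(0x30, _encode_int(0x02, message_id) + bind)


def encode_bind_response(message_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    resp = _tlv(0x61,                                   # [APPLICATION 1], constructed
                _encode_int(0x0A, result_code) +        # resultCode ENUMERATED
                _tlv(0x04, b"") +                       # matchedDN (empty)
                _tlv(0x04, diagnostic.encode("utf-8")))
    return _tlv(0x30, _encode_int(0x02, message_id) + resp)


def decode_bind_request(pdu: bytes):
    """Return (message_id, bind_dn, password): exactly what an observer on an
    unencrypted LDAP connection sees in the request."""
    tag, body, _ = _read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = _read_tlv(body, 0)
    tag, bind, _ = _read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _version, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    tag, auth, _ = _read_tlv(bind, pos)
    if tag != 0x80:
        raise ValueError("only the simple authentication choice is handled here")
    return int.from_bytes(mid, "big"), name.decode("utf-8"), auth.decode("utf-8")


def decode_bind_response(pdu: bytes):
    """Return (message_id, result_code, diagnostic_message)."""
    _, body, _ = _read_tlv(pdu, 0)
    _, mid, pos = _read_tlv(body, 0)
    tag, resp, _ = _read_tlv(body, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, pos = _read_tlv(resp, 0)
    _, _matched, pos = _read_tlv(resp, pos)
    _, diag, _ = _read_tlv(resp, pos)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8")


def directory_check(accounts: dict, bind_dn: str, password: str) -> int:
    """The directory server's decision, reduced to a lookup in a constructed table."""
    return SUCCESS if accounts.get(bind_dn) == password else INVALID_CREDENTIALS


if __name__ == "__main__":
    accounts = {"uid=alice,ou=people,dc=example,dc=com": "correct horse"}  # constructed
    request = encode_bind_request(1, "uid=alice,ou=people,dc=example,dc=com", "correct horse")
    mid, dn, pw = decode_bind_request(request)      # the engine -> directory message
    print("on the wire:", request.hex())
    print("password readable without LDAPS/StartTLS:", pw)
    response = encode_bind_response(mid, directory_check(accounts, dn, pw))
    print("directory -> engine:", decode_bind_response(response))
```

Running the block prints the raw request bytes; the DN and password are visible as contiguous octet strings in the hex, which is the whole reason the transport (LDAPS or Start TLS) has to supply the confidentiality that the protocol message itself does not.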

You can use LDAP authentication with the following features:

  • IPsec and SSL tunnels in mobile VPNs
  • The SSL VPN Portal
  • Browser-based user authentication

LDAP authentication has the following limitations:

  • You cannot use LDAP authentication for users stored in the Management Server’s internal LDAP user database.
  • LDAP authentication is not supported for the WPA enterprise security mode on SSID Interfaces.
    Note: WPA enterprise security mode always requires an external RADIUS server that has EAP support.