Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
Version: 8.0.95

LDAP User Sync Case

Update time: 2025-12-25

An enterprise needs to synchronize the organizational structure of the LDAP server with that of the device while maintaining continuous synchronization. To achieve this, LDAP User Sync must be configured on Network Secure.

Step 1. Set the LDAP server to be synchronized by specifying its IP address, port, login username, password, and other parameters. For details, see Chapter 6.6.3.3 External Authentication Server.

Step 2. Go to Policies > Authentication > Local Users > LDAP User Sync, click Add, and set the synchronization parameters in the Add Sync Policy dialog box.

[Screenshot: Add Sync Policy dialog box]

Step 3. Specify Name, Description, Sync Mode, and Auto Sync. In this example, select Sync by OU for Sync Mode and Enabled (once a day) for Auto Sync, so that the device synchronizes automatically once a day.

[Screenshot: Name, Sync Mode, and Auto Sync settings]

Step 4. In Server Settings, specify the OUs on the LDAP server to be synchronized.

[Screenshot: Server Settings]

LDAP Server: Select the LDAP server to be synchronized. In this example, select the server configured in Step 1.

LDAP Directory: Specify the OUs on the LDAP server to be synchronized. Click Select, choose the OUs in the Select OU dialog box, and click Save.


[Screenshot: Select OU dialog box]

Add top-level OU of selected LDAP directory below specified OU of local directory: When selected, the root domain on the LDAP server is also synchronized as a group, and the synchronized OUs become its subgroups.

Add bottom-level OU of selected LDAP directory below specified OU of local directory: When selected, synchronization starts from the selected OU itself.

Add sub-OU of selected LDAP directory below specified OU of local directory: When selected, synchronization starts from the sub-OUs of the selected OU. The selected OU itself and the users directly under it are not synchronized to the device.

OU Depth: Specify the maximum depth of OUs to import. The value is 10 in this example, meaning that only sub-OUs down to level 9 are synchronized to the device as user groups. Users in OUs below level 9 are still synchronized, as users of the level-9 OU above them.

Filter: Specify the filter parameters used to select the entries to synchronize.

Step 5. In Local Settings, set Method and Local Directory, and choose whether to enable Allow concurrent logins on multiple terminals.

[Screenshot: Local Settings]

Method: Specifies whether OUs, users, or both are synchronized. Select an option based on your requirements.

Sync LDAP OUs and users to this device: Synchronizes OUs to the device as user groups, and the users of each OU into the corresponding user group.

Sync LDAP users to this device, OU ignored: Synchronizes the users of the OUs but not the OUs themselves.

Sync LDAP OUs to this device, user ignored: Synchronizes OUs to the device as user groups but not their users. In this example, select Sync LDAP OUs and users to this device to synchronize both OUs and users.

Allow concurrent logins on multiple terminals: By default, a domain account synchronized to the device is a public account and can be logged in on multiple PCs at the same time. If this option is not selected, the account is private and can be logged in on only one PC at a time.

Local Directory: Select an existing group on the device under which the synchronized OUs are created as subgroups. Choose the group in the Select OU dialog box.

[Screenshot: Select OU dialog box for Local Directory]

Step 6. Click OK to save the policy. The new synchronization policy is displayed on the LDAP User Sync page. Click Sync Now to synchronize immediately, or wait for the daily automatic synchronization.

Step 7. Go to Policies > Authentication > Local Users > Group/User to view the synchronization results, as shown in the following figure. The imported OUs and users match those on the LDAP server.

[Screenshot: Group/User page after synchronization]

If the name of an OU or user to be synchronized duplicates that of an existing user group or user on the device, the synchronization fails.
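The three placement options and OU Depth from Server Settings, together with the duplicate-name failure just described, as an added Python model (not Sangfor's code; the DN parsing, counting levels from the first synchronized OU as level 1, and naming the top-level domain group "example.com" from its dc parts are assumptions):

```python
# Added example (not Sangfor's code): models how the Server Settings options
# (top-level / bottom-level / sub-OU placement and OU Depth) map LDAP OUs to
# local user groups, and how a duplicate name makes the sync fail.
# Assumptions: DNs contain no escaped commas, the first synchronized OU is
# level 1, and the top-level option names the domain group from its dc parts.

def dn_path(dn):
    """Top-down (attr, value) pairs for a DN string."""
    return [tuple(p.split("=", 1)) for p in reversed(dn.split(","))]

def plan_sync(entries, selected_ou, placement, ou_depth, local_dir,
              existing_groups=(), existing_users=()):
    """Return {local group path: [user names]} for placement in
    {'top', 'bottom', 'sub'}; raise ValueError on a name already on the device."""
    sel = dn_path(selected_ou)
    domain = ".".join(v for a, v in reversed(sel) if a == "dc")
    prefix = [local_dir, domain] if placement == "top" else [local_dir]
    plan = {}
    for dn, kind in entries:
        path = dn_path(dn)
        if path[:len(sel)] != sel:
            continue                                  # outside the selected OU
        # OU chain starting at the selected OU, e.g. ['Sales', 'EMEA', 'UK']
        ous = [sel[-1][1]] + [v for a, v in path[len(sel):] if a == "ou"]
        if placement == "sub":
            ous = ous[1:]                             # skip the selected OU
            if not ous:
                continue                              # ...and its direct users
        # OU Depth N: only levels 1..N-1 become groups; deeper OUs and their
        # users are attached to the deepest synchronized ancestor
        group = tuple(prefix + ous[:ou_depth - 1])
        users = plan.setdefault(group, [])
        if kind == "user":
            users.append(path[-1][1])
    clashes = [g for p in plan for g in p[1:] if g in existing_groups]
    clashes += [u for us in plan.values() for u in us if u in existing_users]
    if clashes:
        raise ValueError("sync fails, names already on device: %s" % sorted(set(clashes)))
    return plan

# Constructed LDAP snapshot used for the demo
LDAP_ENTRIES = [
    ("ou=Sales,dc=example,dc=com", "ou"),
    ("ou=EMEA,ou=Sales,dc=example,dc=com", "ou"),
    ("ou=UK,ou=EMEA,ou=Sales,dc=example,dc=com", "ou"),
    ("cn=alice,ou=Sales,dc=example,dc=com", "user"),
    ("cn=bob,ou=EMEA,ou=Sales,dc=example,dc=com", "user"),
    ("cn=carol,ou=UK,ou=EMEA,ou=Sales,dc=example,dc=com", "user"),
]
```

With OU Depth 3 and the bottom-level option, the level-3 OU "UK" is not created as a group and carol lands in the level-2 group "EMEA", which is the behaviour the OU Depth description above refers to.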

6.6.2.4.1.1 Delete a Synchronization Policy

When a synchronization policy is no longer needed, you can delete it: go to the LDAP User Sync page, select the synchronization policy to be deleted, and click Delete. Deleting a synchronization policy does not affect the groups and users already synchronized to the device.

6.6.2.4.1.2 View Logs

A synchronization log is generated every time the device synchronizes OUs or users from the LDAP server, so that you can check the synchronization status. Click View Logs. In the Sync Logs dialog box, click the name of a synchronization log to download and view it.

[Screenshot: Sync Logs dialog box]