Technical Tip: FSSO Collector Agent DNS Resolution Process to get Workstation IP
| Description | This article describes the process followed by FSSO Collector Agent to verify the IP of a workstation |
| Scope | FortiOS, FSSO CA. |
| Solution | The FSSO CA periodically verifies the IP address of the user workstation using DNS resolution.
In general, the user may encounter an issue with FSSO authentication upon switching from a wired to wireless network or vice versa.
Consider an example when user switches from a wired to a wireless network, where the DNS server still resolves the wired IP address for the user. In this case, the user's wireless IP address will not get updated on the FortiGate.
For more information, refer to the below on how collector agent performs name resolution: Technical Tip: How the FSSO Collector Agent performs name resolution.
Some corporate environments with large amounts of workstations can experience delays in workstation IP address verification regardless of what the timer is set to. This mostly occurs when there are thousands of workstation host names queued for DNS resolution. For this situation, the DNS thread count can be increased: see Technical Tip: Optimization of FSSO workstation IP address verification. |
