duenlim
Staff
November 26, 2025

Technical Tip: How to verify that FortiGate synchronizes FSSO user sessions to the secondary node in an HA cluster

Description: This article describes how to check and verify that FSSO user sessions are synchronized to the Secondary node.
Scope: FortiGate v7.2/v7.4/v7.6.
Solution:
  1. Use the following CLI command to list FSSO-authenticated users on the Primary node.

 

Primary # diagnose firewall auth list

 

10.176.2.144, LIMYD
type: fsso, id: 0, duration: 2447, idled: 80
server: FSSO
packets: in 1543 out 558, bytes: in 1707555 out 193933
user_id: 16777219
group_id: 14 33554455 33554456 33554435 33554433 33554482 33554477 33554483 33554444
group_name: FSSO_Group CN=TEST1-TEST2-GROUP,CN=USERS,DC=MK,DC=COM

 

10.176.5.114, TEST3
type: fsso, id: 0, duration: 36, idled: 36
server: FSSO
packets: in 0 out 0, bytes: in 0 out 0
group_id: 14 33554455 33554483 33554435 33554434 33554482 33554477
group_name: FSSO_Group CN=TEST1-TEST2-GROUP,CN=USERS,DC=MK,DC=COM

 

----- 2 listed, 0 filtered ------

 

  2. Use the CLI command 'execute ha manage' to access the Secondary node. The FSSO user sessions synchronized via HA are listed there with the 'ha' flag.

 

Secondary # diagnose firewall auth list

 

10.176.2.144, LIMYD
type: fsso, id: 0, duration: 16607, idled: 16607
flag(400): ha ----------------------------------> Synchronize FSSO user.
server: FSSO
packets: in 0 out 0, bytes: in 0 out 0
user_id: 16777219
group_id: 14 33554455 33554456 33554435 33554433 33554482 33554477 33554483 33554444
group_name: FSSO_Group CN=TEST1-TEST2-GROUP,CN=USERS,DC=MK,DC=COM

 

10.176.5.114, TEST3
type: fsso, id: 0, duration: 15, idled: 15
flag(400): ha ----------------------------------> Synchronize FSSO user.
server: FSSO
packets: in 0 out 0, bytes: in 0 out 0
group_id: 14 33554455 33554483 33554435 33554434 33554482 33554477
group_name: FSSO_Group CN=TEST1-TEST2-GROUP,CN=USERS,DC=MK,DC=COM

 

----- 2 listed, 0 filtered ------
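
With more than a handful of users, the two listings above can be compared by script instead of by eye. The following is an added example, not part of the original article or any Fortinet tooling: it assumes both command outputs were saved as text, handles IPv4 entries only, and treats the `ha` flag name shown in the Secondary listing as the sync marker. The function names `parse_auth_list` and `check_sync` are hypothetical.

```python
import re

ENTRY = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}),\s*(.+)$")  # "<ip>, <user>" header, IPv4 only

def parse_auth_list(text):
    """Parse 'diagnose firewall auth list' output into {(ip, user): fields}."""
    entries, cur = {}, {}  # cur starts as a scratch dict for lines before the first entry
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            cur = entries.setdefault(m.groups(), {"type": None, "ha": False, "groups": frozenset()})
        elif line.startswith("type:"):
            cur["type"] = line.split(":", 1)[1].split(",")[0].strip()
        elif line.startswith("group_id:"):
            cur["groups"] = frozenset(line.split(":", 1)[1].split())
        elif line.startswith("flag("):  # flag names follow the colon; a "----> note" tail is dropped
            cur["ha"] = "ha" in line.split(":", 1)[1].split("-")[0].split()
    return entries

def check_sync(primary_text, secondary_text):
    """Return [((ip, user), problem)]; an empty list means all FSSO sessions are synced."""
    pri, sec = parse_auth_list(primary_text), parse_auth_list(secondary_text)
    problems = []
    for key, p in pri.items():
        if p["type"] != "fsso":
            continue  # only FSSO sessions are compared
        s = sec.get(key)
        if s is None:
            problems.append((key, "missing on secondary"))
        elif not s["ha"]:
            problems.append((key, "no ha flag on secondary"))
        elif s["groups"] != p["groups"]:
            problems.append((key, "group_id mismatch"))
    return problems

PRIMARY = """10.176.2.144, LIMYD
type: fsso, id: 0, duration: 2447, idled: 80
group_id: 14 33554455 33554456
10.176.5.114, TEST3
type: fsso, id: 0, duration: 36, idled: 36
"""  # abbreviated from the Primary listing above
SECONDARY = """10.176.2.144, LIMYD
type: fsso, id: 0, duration: 16607, idled: 16607
flag(400): ha
group_id: 14 33554455 33554456
"""  # constructed: TEST3 left out to show a sync gap

if __name__ == "__main__":
    print(check_sync(PRIMARY, SECONDARY))
```

A non-empty result names the sessions that are absent from the Secondary listing, lack the `ha` flag there, or carry a different `group_id` set.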