AD User override by service account for internet access (Internet access issue)

Forum|Forum|5 years ago
March 3, 2021
1 reply
3516 views

we are facing internet access through the Explicit Proxy mode with AD user authentication. Though they are already login to his PC with his domain logon , some time later original account override by service account(MacAfee antivirus update account)which showing in the Fortigate Log "Firewall User Monitor". As a result many of our users facing the problem more frequently.

Anyone please help me.

Alivo__FTNT

Staff

Hello,

Fix is to add these service accounts to Ignore List in Collector Agent.

Best Regards,

Alivo

masumeceAuthor

New Member

Hi Alivo,

Thank you for quick reply. I was applying ignore list in collector agent like this KB https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828 but when we was applying KB, some user does not to be get internet access until restart the user PC. So what is the actual issue about this and how it will be solved?.

Best Regurds,

Masum

Alivo__FTNT

Staff

Hello Masum, Thank you for feedback. That would mean the users logons were not available anymore (or never). Restarting PC would also mean a new domain logon once user signs in. That is why the internet traffic works again.

This will work until the user is removed due to dead entry interval timer (whether expected or not) or when there was another unwanted logon override. That often happens with already mentioned service accounts. Support, in such cases, will ask you for Collector Agent log in debug level. It contains nearly all information for us to see what happened to user logon after they notice the internet does not work. Not that I am suggesting to you to troubleshoot yourself but the info is there. It will show us for example these logon overrides, changes in IP addresses.

Best Regards,

Alivo

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded