alessandrofiumano
New Member
January 29, 2025
Question

FSSO agent in hybrid AD environment


Hi, we have two DCs on-prem and two on Azure. We installed agents 5.0.0314 on all four and created a network rule on the Azure firewall to allow all traffic (* ports and * protocols) between the FortiGate appliance and all the DCs (Windows Server 2019) (we also have a VPN from on-prem toward the Azure subnets). When it's time to switch connection between the DCs' agents, only the two on-prem talk with the appliance; no traffic is coming to the appliance from the two DCs on Azure. I tried to telnet in every direction on 8000 and it shows me the service listening... Any hint? Thanks.

1 reply

Dhruvin_patel
Staff
January 29, 2025

Hello!

Is this a DC agent-based FSSO setup? If so, on which DC is the Collector Agent (FSSO agent) installed?

The DC Agent and the Collector Agent communicate over UDP port 8002.

Please ensure that communication is allowed between the DC running the DC Agent and the DC running the Collector Agent over UDP port 8002.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FSSO-Collector-agent-redundancy-with-two-Windows/ta-p/191577

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Port-blocks-in-Windows-Server-in-FSSO/ta-p/279084

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Common-reasons-FSSO-status-shows-as-down-on-the/ta-p/193790

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-cannot-connect-to-FSSO-Agent-on/ta-p/221262

 

Best Regards!

Dhruvin Patel

alessandrofiumano
New Member
January 29, 2025

TY for the answer. The agent is installed on all 4 DCs; the problem is that the appliance can't switch to the two on Azure. Will try to find something to check the UDP port since telnet isn't.
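
Telnet only tests TCP, so a listening service on 8000 says nothing about the UDP 8002 path named in the reply above. The following PowerShell is an added example, not part of the thread and not Fortinet tooling, for checking that path from the DCs themselves; `Test-UdpPort` is a hypothetical helper and `dc-azure-01` is a placeholder host name.

```powershell
# Added example. Test-UdpPort is a hypothetical helper; dc-azure-01 is a placeholder.
function Test-UdpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port = 8002,        # DC Agent -> Collector Agent port named in the reply
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.UdpClient
    $state  = 'Unknown'
    try {
        $client.Client.ReceiveTimeout = $TimeoutMs
        $client.Connect($ComputerName, $Port)
        # One zero byte: a constructed probe, not a valid FSSO message.
        $probe = [byte[]]@(0)
        [void]$client.Send($probe, $probe.Length)
        $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        [void]$client.Receive([ref]$remote)
        $state = 'Reply received: port open'
    }
    catch {
        # .NET exceptions may arrive wrapped; walk down to the SocketException.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.Sockets.SocketException]) { $ex = $ex.InnerException }
        if (-not $ex) { throw }
        switch ($ex.SocketErrorCode) {
            'ConnectionReset' { $state = 'Closed: ICMP port unreachable came back, nothing is listening' }
            'TimedOut'        { $state = 'No reply: listener stayed silent OR the packet was dropped on the path' }
            default           { $state = "Socket error: $($ex.SocketErrorCode)" }
        }
    }
    finally { $client.Close() }
    [pscustomobject]@{ Target = $ComputerName; UdpPort = $Port; Result = $state }
}

# On the DC running the Collector Agent: confirm the sockets are actually bound.
Get-NetUDPEndpoint -LocalPort 8002 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
Get-NetTCPConnection -LocalPort 8000 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# From a DC running the DC Agent: probe the collector over UDP 8002.
Test-UdpPort -ComputerName 'dc-azure-01'
```

A timeout is inconclusive for UDP, because a healthy listener that ignores the probe looks the same as a dropped packet. To settle it, run a packet capture on the collector while the probe is sent and check whether the datagram arrives.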

GSI
New Member
June 25, 2025

Hi Alessandro,
Did you manage to solve the problem? We are facing an almost identical situation...