admiralsulu
New Member
October 1, 2020
Question

FSSO and replacing Domain Controllers


Currently we use FSSO to manage the internet access allowed to users based on their AD group.

FSSO gets the info from our two DNS\DCs.

This weekend we will be replacing our DCs; the final step will be to assign the IP addresses of the two old DCs to the new ones.

So how does that affect FSSO? Do I still need to create new AD entries on each of our Fortinets for the new DCs, then change the IP on each at the end?

    1 reply

    Kenundrum
    New Member
    October 1, 2020

    Are you using on-firewall polling? Or are you using FSSO agent collectors? I know that my pet peeve about the agent collectors is that they don't automatically update even if you reuse the IPs. It seems to refer to the unique identifiers for the domain controllers and not the IPs. When we cycled through replacing old DCs with newer versions of Windows, we had to go through the FSSO agent config and click all the newly created checkboxes and then sync those configs to other collectors. I'm not sure how the process on the firewall itself works.

    admiralsulu
    New Member
    October 1, 2020

    We are using the collector agent that runs on two servers, one as backup.

    So it sounds like I would have to go and edit the two active DC agents on each server.

    Did you also have to go into each Fortinet and add the new DCs even though you ended up reusing the IPs?

    It would not surprise me if you have to, since the names will change even though the IP will not (eventually).