FSSO conflicts between WiFi and wireless connection

Question

Hello Techies,I have two Fortigate 500E running in HA. In our network, we are using windows 2012R2 server as AD, DHCP, & DNS server. For single sign-on we are using agent base configuration. Users are able to get authentication and access the network services as per defined policy. Now issue occurs when a user switched the connection from WiFi to wired or vice versa, User gets sign in with previous IP address.For example, John is connected to Wifi and his IP address is 192.168.10.10, he is able to access the internet services. If I check the FSSO monitor in Fortigate there will be an entry of John with Ip address 192.168.10.10 and this is alright. Now if John disconnects the WiFi and connects through the wired network and his wired adapter IP is 192.168.10.11he is not able to access the internet, If I check the FSSO monitor John is still showing with the Ip address 192.168.10.10 even after disconnecting the WiFi. I have tried with log off and lock/unlock the PC but this practice didn't work.

Alivo__FTNT · Answer

Hello,

FSSO does not conflict. FSSO Collector Agent gets data from its DNS. By default, every minute the Collector Agent performs DNS check asking its underlying DNS server for an IP of a particular workstation the user have logged on from. What DNS returns is used and seen in Show Logon Users in the Collector Agent. You can do simple check by: nslookup <workstation name> on the same server where DNS is. At the same time check ipconfig of that workstation and check if the DNS server is the same. In 99% of these cases the issue is that not all DNS servers have same IP that Collector Agent's DNS server has. This issue multiplies in dynamic DHCP/DNS environment.

Best Regards,

Alivo

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded