FSSO Group Filters & Ignore Users

Question

Hello All,

We have configured FSSO on a FG300 running version 5.0 (GA 13)

In this config we are using group filters, but when I check the CA that is running on an A.D. server, we noticed that a service account was logged on multiple times (about 20 times). This service account isn't included in the A.D. servers' groups where we configured the groups that must be used in the identity based firewall policy.These groups have been configured/selected in the FG.

After I had excluded that service account, FSSO seems to be working.

Another important thing: we have upgraded the agents on the DC's but only restarted the services, we didn't do a complete reboot of each A.D. controller.

Could this be the culprit?

Best regards,Torenhof

Syed_Mehmood_Ali · Accepted Answer

Its better to reboot the server whenever install DC agent or upgrade the agent. In my case I tested the DC agent without rebooting the server but results were not accurate.

xsilver_FTNT · Answer

hello,

make sure and double check that there is no slightest possibility of test account being included in allowed (filtered) user groups, keep in mind that if Collector runs in Advanced mode then group nesting is possible and so if group (LOW) is nested inside another group (TOP) then through this mechanism user can be seen as member or group (TOP) regardless he is not direct member of it. He will be there through TOP-LOW-user nested groups chain.

If it still seems correct, open a ticket on support for that and we can test and raise a bug if issue confirmed.

Best regards, Tomas

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded