sandeep_fgt
New Member
December 23, 2015
Question

FSSO Polling mode - Don't see user log off in FortiGate


Hi Everyone,

 

Can someone please advise if you have ever come across the issue of FSSO user logoff information not reaching the FortiGate?

Model- 1500D

FortiOS- 5.2.4

 

The FortiGate is configured to poll the DCs and is fetching the login information. However, even when the user logs off, it continues to show them as an active user when you check in diag debug authd fsso list or from the GUI under Firewall monitor in Users and Device.

 

Can someone please share their experience and configuration for a properly working FSSO?

 

Please add your valuable suggestions to guide through resolving this issue.

 

Thanks,

Sandeep Jha

 

    1 reply

    xsilver_FTNT
    Staff
    December 28, 2015

    Hello Sandeep,

     

    Where do you log off?

    If from an MS workstation, then MS does not track logoff events well, and so FSSO almost cannot handle/see such events.

     

    Workarounds might be one of these:

    ---

    1. Switch to a standalone Collector instead of polling from the FGT (which has limited functions), use WMI, and turn on logoff WMI checks via the Collector's registry.

     

    2. Shorten the workstation check and dead entry intervals so the workstation will disappear sooner, as verification of the logged-in user will fail after you log off.

     

    3. Do not bother and simply wait for a new logon to the workstation, as this event should be spotted and processed by FSSO, and so the workstation source IP record in the FSSO user list on the FGT will get overwritten by the actual user records.

     

    Best regards, Tomas

    sandeep_fgt
    New Member
    December 28, 2015

    Thank you so much Tomas for responding on this.

    I tested it by logging off from the domain machine.

     

    I will try the workaround you suggested. Yes, the 3rd seems to be OK, but I would go for the 1st if that happens to work in my lab.

    Thanks,

    Sandeep Jha