Skip to main content
FrancoisBlanchon
FrancoisBlanchon
Visitor III
February 9, 2022
Solved

FSSO questions : filter unwanted logon entries related to client private IPs

  • February 9, 2022
  • 1 reply
  • 2781 views

Hi all,

 

I setup user auth with FSSO DC agent mode, and as there is many entries I would like to filter a bit.

The filter criteria I would like to setup is based on the workload IP addresses.

I have many users, connecting from home, that have FSSO entries with their own private home IPs.

For example. user lamdba is seen with its VPN tunnel IP to Office and its private IP (so 2 FSSO entries).

As the last ones are useless for filtering, I would like to know if it is possible to filter on DC agent or Collector Agent ?

Thanks a lot

FB

Best answer by mturic

Hi,

 

there is a registry entry in FSSO Collector Agent that you could use, dc_agent_ignore_ip_list. All IP addresses added to this registry entry will be ignored for IP based FSSO.
In this registry entry you can add individual IPs, and starting from FSSO CA version 5.0.0302,  IP address ranges in the following format: 1.2.3.4;10.0.0.0-20.255.255.255;7.8.9.0

 

Also worth mentioning, this works for DC Agent mode and Polling mode as well, only TS-Agent logons will not be affected by this registry entry.

You can check the following article for further info:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Excluding-IP-addresses-from-FSSO-logon-events/ta-p/196270

1 reply

mturic
Staff & Editor
mturicAnswer
Staff & Editor
February 17, 2022

Hi,

 

there is a registry entry in FSSO Collector Agent that you could use, dc_agent_ignore_ip_list. All IP addresses added to this registry entry will be ignored for IP based FSSO.
In this registry entry you can add individual IPs, and starting from FSSO CA version 5.0.0302,  IP address ranges in the following format: 1.2.3.4;10.0.0.0-20.255.255.255;7.8.9.0

 

Also worth mentioning, this works for DC Agent mode and Polling mode as well, only TS-Agent logons will not be affected by this registry entry.

You can check the following article for further info:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Excluding-IP-addresses-from-FSSO-logon-events/ta-p/196270

FrancoisBlanchon
FrancoisBlanchonAuthor
Visitor III
February 28, 2022

Hi mturic,

Thanks for information, it works.

Best regards,

François

Terms & ConditionsAccessibility statement