Bitman
New Member
March 3, 2020
Question

FSSO strange behavior


We are using FSSO and AD groups to manage authentication and access. Device is Fortigate 80E v6.07. We noticed a strange behavior and I would like to know if this is normal behavior or not. Let's say I have the following setup:

  • 2 IPv4 policies:
      • www (regular internet access)
      • www-Restricted (restricted internet access).
  • An AD group called "LimitedNetAccess" is defined as a source in the www-Restricted policy.
  • I have user A and user B, both members of LimitedNetAccess.
  • A workstation on the plant floor on which a Windows session is opened as user A.

Scenario: User B uses the workstation to start a Remote Desktop session to his own remote computer (from inside user A's session). He provides his credentials to the RDP session, then closes it after he's done. What I see in the webfilter logs :(

  • First I see entries where the source = UserA (ip_address); Policy = www-Restricted
  • then it changes to source = UserB (ip_address); Policy = www-Restricted
  • then it changes to (ip_address); Policy = www

It stays like this for many hours in a row, meaning userA now has regular internet access. If we lock/unlock the workstation using userA's credentials, then things go back to normal.

Is this a bug? At least, I would expect that it returns to userA without having to lock the PC...


      Alivo__FTNT
      Staff
      March 6, 2020

      Hello,

      It won't return to user A as there is nothing that should trigger such an action. The Collector Agent does not keep a table of previous users on a workstation. What might help you, though, is described in this KB article:

      Technical Tip: FSSO RDP logon override https://kb.fortinet.com/k....do?externalID=FD45999

      Best Regards,

      Alivo
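To make the behaviour described above concrete, here is a small simulation (added here; not Fortinet's code and not the mechanism of the linked KB) of a single-slot IP-to-user table, the kind the reply describes: the newest logon attributed to an IP overwrites the previous user, nothing remembers user A, so once user B's session ends the IP has no user and falls through to the unrestricted www policy. The `ignore_rdp_logons` switch is a hypothetical knob showing what suppressing RDP (Windows logon type 10) events would change; the IP, user names and group membership are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LIMITED_GROUP = "LimitedNetAccess"
# Constructed AD membership: both users are in the restricted group.
GROUPS = {"userA": {LIMITED_GROUP}, "userB": {LIMITED_GROUP}}
RDP_LOGON_TYPE = 10      # Windows "RemoteInteractive" logon type
UNLOCK_LOGON_TYPE = 7    # Windows "Unlock" logon type (lock/unlock of the PC)


@dataclass
class CollectorTable:
    """Simplified model: one user slot per IP, no history of earlier users."""
    ignore_rdp_logons: bool = False          # hypothetical override knob
    mapping: Dict[str, str] = field(default_factory=dict)

    def logon(self, ip: str, user: str, logon_type: int) -> None:
        if self.ignore_rdp_logons and logon_type == RDP_LOGON_TYPE:
            return                            # RDP event not used for mapping
        self.mapping[ip] = user               # last logon wins, old user is lost

    def logoff(self, ip: str, user: str, logon_type: int) -> None:
        if self.ignore_rdp_logons and logon_type == RDP_LOGON_TYPE:
            return
        if self.mapping.get(ip) == user:      # entry removed, nothing to fall back to
            del self.mapping[ip]


def match_policy(table: CollectorTable, ip: str) -> Tuple[Optional[str], str]:
    """Return (user, policy) as it would appear in the webfilter log."""
    user = table.mapping.get(ip)
    if user is not None and LIMITED_GROUP in GROUPS.get(user, set()):
        return user, "www-Restricted"
    return user, "www"                        # no user -> unrestricted policy matches


def replay(ignore_rdp: bool) -> List[Tuple[Optional[str], str]]:
    """Replay the post's scenario and collect the log view after each event."""
    ip = "10.0.0.5"                           # constructed workstation address
    table = CollectorTable(ignore_rdp_logons=ignore_rdp)
    trace = []
    table.logon(ip, "userA", 2)               # interactive logon on the workstation
    trace.append(match_policy(table, ip))
    table.logon(ip, "userB", RDP_LOGON_TYPE)  # user B's RDP logon seen from the same IP
    trace.append(match_policy(table, ip))
    table.logoff(ip, "userB", RDP_LOGON_TYPE) # B closes the RDP session
    trace.append(match_policy(table, ip))
    table.logon(ip, "userA", UNLOCK_LOGON_TYPE)  # A locks/unlocks the PC
    trace.append(match_policy(table, ip))
    return trace
```

`replay(False)` reproduces the three log states from the question and the recovery after the unlock; `replay(True)` keeps the IP attributed to userA throughout.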

      Bitman
      New Member
      March 7, 2020

      Hi Alivo,

      Thanks very much for pointing me to this KB, that will probably solve my problem!

      Best regards