Vasya
New Member
October 3, 2017
Solved

I added an FSSO group to a policy. It doesn't work.

  • October 3, 2017
  • 1 reply
  • 14146 views

Hello, guys! I have a FortiGate 200D v5.6.2 build1486 (GA). I created a proxy policy and added an FSSO group to it, but this policy doesn't work. The policy without the FSSO group worked. When I use "diagnose debug authd fsso list", I see the correct FSSO logons.

When I use "diagnose debug enable" and "diagnose debug authd fsso server-status", I see my Server Name and Connection Status: connected. Help me please.

Best answer by Vasya

This KB has the solution. http://kb.fortinet.com/kb...teId=0%200%20117388209

1 reply

xsilver_FTNT
Staff
October 3, 2017

I would suggest the following steps:

1. flow debug - to check how the traffic from the WKS passes the firewall and whether the intended policy with FSSO is being tried

2. packet capture/sniffer to verify the source IP and traffic from the WKS

3. check whether the policy matches the traffic pattern

4. check that the src IP address of the traffic matches your FSSO records on the FGT and that the user does belong to the firewall FSSO group used in the policy
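The four checks above, as an added CLI walkthrough that is not part of the staff reply. It uses standard FortiOS 5.6 diagnostic commands; the workstation IP 192.168.1.50, the explicit proxy port 8080 and the group object name "FSSO_Proxy_Users" are assumed placeholders to be replaced with your own values.

```fortios
# Added example (not from the thread). Assumed values: workstation
# 192.168.1.50, explicit web proxy listening on 8080, FortiGate FSSO
# group object "FSSO_Proxy_Users".

# 0. Start from a clean debug state so stale filters do not hide traffic.
diagnose debug reset
diagnose debug console timestamp enable

# 1. Flow debug: which firewall policy does the workstation's traffic hit?
#    With an explicit proxy the client connects to the FortiGate itself, so
#    the flow trace shows the session to the proxy port; the proxy-policy
#    decision is made by the WAD daemon and is traced in step 3.
diagnose debug flow filter addr 192.168.1.50
diagnose debug flow filter port 8080
diagnose debug flow show function-name enable
diagnose debug flow show iprope enable
diagnose debug flow trace start 100
diagnose debug enable
#    ... browse from the workstation, then stop the trace ...
diagnose debug flow trace stop
diagnose debug disable

# 2. Sniffer: confirm the packets really arrive from 192.168.1.50 (no NAT,
#    VPN gateway or second proxy in between) and target the proxy port.
#    Verbosity 4 prints interface names; 20 caps the packet count.
diagnose sniffer packet any 'host 192.168.1.50 and port 8080' 4 20

# 3. Policy matching in the explicit proxy: WAD debug shows the
#    proxy-policy lookup and which user/group the request was evaluated
#    against. "diagnose wad user list" shows who the proxy currently
#    treats as an authenticated user.
diagnose wad debug enable category all
diagnose wad debug enable level verbose
diagnose debug enable
#    ... browse again, then ...
diagnose debug disable
diagnose wad debug clear
diagnose wad user list

# 4. FSSO state: the collector must be connected, the logon list must
#    contain a record for the workstation's IP, and the AD group in that
#    record must be a member of the FortiGate group used in the policy.
diagnose debug authd fsso server-status
diagnose debug authd fsso list | grep 192.168.1.50
show user group FSSO_Proxy_Users
#    Expect "set group-type fsso-service" and the AD group (DN form) seen in
#    the FSSO list under "set member". A plain firewall-type group will
#    never match an FSSO logon.
diagnose firewall auth list
```

If step 1 shows the session to the proxy port being accepted but step 3 shows the request falling through to a deny, the problem is in the proxy-policy or the group, not in routing; if step 4 shows no record for the source IP, the FSSO agent never reported that logon and the policy cannot match regardless of the group configuration.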

Vasya (Author)
New Member
October 4, 2017

Sorry for my bad English.

1. Traffic from the workstation passes to my explicit web proxy;
2. For the test I checked one workstation. It's my workstation and I know its IP address;
3. How do I do that?
4. The user is my AD account. My account is a member of the AD group that I added to my explicit web proxy policy.

I created the policy in "Policy & Objects -> Proxy Policy". Proxy type: Explicit web. Outgoing Interface: "WAN" (Internet).

Enabled on: "LAN" interface. Source: the IP address of my workstation and the user group. Destination: all.

As the intermediary I use the "Fortinet Single Sign-On Agent".


When I delete the "User group" from Source, this proxy policy works.
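The configuration described in this post, written out as FortiOS 5.6 CLI. This is an added example, not configuration from the thread; the interface names "lan" and "wan1", the address object "WKS_Vasya" (192.168.1.50), the AD group DN and the group object name "FSSO_Proxy_Users" are assumptions. Policy 1 is the working policy without a group; policy 2 is the same policy with the FSSO group added, which is the one that did not match.

```fortios
# Added example (not from the thread). Assumed names: interfaces "lan" and
# "wan1", workstation address "WKS_Vasya" = 192.168.1.50, AD group
# "CN=ProxyUsers,OU=Groups,DC=example,DC=com", FortiGate group
# "FSSO_Proxy_Users".

# The explicit web proxy must be enabled globally and on the inside interface.
config web-proxy explicit
    set status enable
    set http-incoming-port 8080
end
config system interface
    edit "lan"
        set explicit-web-proxy enable
    next
end

# Source address object for the test workstation.
config firewall address
    edit "WKS_Vasya"
        set subnet 192.168.1.50 255.255.255.255
    next
end

# A group used to match FSSO logons must be of type fsso-service and list
# the AD group(s) the collector agent reports, in DN form. The AD group must
# also be selected in the collector agent's group filter, or the logon
# record reaching the FortiGate will not carry it.
config user group
    edit "FSSO_Proxy_Users"
        set group-type fsso-service
        set member "CN=ProxyUsers,OU=Groups,DC=example,DC=com"
    next
end

config firewall proxy-policy
    # Policy 1: source address only; this is the variant that worked.
    edit 1
        set proxy explicit-web
        set dstintf "wan1"
        set srcaddr "WKS_Vasya"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"
        set logtraffic all
    next
    # Policy 2: identical, plus the FSSO group; this is the variant that
    # did not match. A request is only accepted here if an FSSO logon for
    # the source IP exists and that logon's AD group is a member of
    # "FSSO_Proxy_Users".
    edit 2
        set proxy explicit-web
        set dstintf "wan1"
        set srcaddr "WKS_Vasya"
        set dstaddr "all"
        set groups "FSSO_Proxy_Users"
        set service "webproxy"
        set action accept
        set schedule "always"
        set logtraffic all
    next
end
```

With both policies present, policy 1 would match first and mask the problem; when reproducing the failure, keep only policy 2 (or move it above policy 1) so that a non-matching group results in a visible deny rather than a silent fall-through to the open policy.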