J13224
Explorer
July 11, 2018
Question

Is FortiGate as a local FSSO poller with multiple DCs possible?

  • July 11, 2018
  • 1 reply
  • 4772 views

Can FSSO work in a small AD network with 2 DCs using the FG as a local FSSO poller (agentless)?

I have it configured with 2 SSO connections, one to each DC, but it does not seem to be capturing logons to the 2nd DC.

I have seen mixed information as to whether this is possible without an "external" collector agent.

Thanks,

    1 reply

    xsilver_FTNT
    Staff
    July 12, 2018

    Hi J13224,

    Local polling from FortiGate is possible.

    However, it has its limits. Mainly:

    - no workstation checks
    - no other methods of log collection, only WinSec polling with fixed EventIDs polled
    - no IP change monitoring
    - logon processing load affects the firewall

    A standalone Collector Agent is, from my point of view, a much better solution.

    Even for small environments like 1-2 DCs.

    I would suggest installing the Collector on one DC (or both for resiliency, but FortiGate will use only one at a time and switch to the other when the old one is unreachable).

    And I would suggest using WinSec polling with WMI (the last polling option in settings).

    Kind regards,

    Tomas

    J13224 (Author)
    Explorer
    July 19, 2018

    Thanks Tomas,

    I think I will deploy with the Collector Agent as you suggest; I like the additional features.

    But I am wondering, in case it comes up in the future: do you know if FortiGate can support local polling from multiple DCs? "Technically" it looks like it should, and the unit does not display any errors when I set it up; it just does not record the secondary server logons, and I do not get any debug errors. In fact, I see the FG logon in the Security event viewer of the second DC. The events just do not get merged with the primary.

    Thanks again,

    Jim Greco

    xsilver_FTNT
    Staff
    July 20, 2018

    Sorry to say, but I would not bother with local polling for more than a single DC in a single domain with a few users.

    Anything bigger than that is way better handled via a standalone Collector Agent or FortiAuthenticator.

    Both can handle anything from a single domain with a few users up to tens of DCs, multi-domain environments and thousands of users.

    Why should I load the FortiGate and use precious resources, when what I need from the FW is speed, and I have plenty of resources on the DCs plus a free-of-charge standalone Collector Agent?

    I do not really see the point in local polling beyond an initial test (POC).
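A check for the situation described in this thread, added here as an example and not taken from either poster or from Fortinet: it reads the logon events on each DC for the last hour, counts them per DC, and shows the latest source IP per user across both DCs, which is the merge a WinSec poller is expected to produce. The DC names, the one-hour window and the choice of event IDs 4624 and 4768 are my assumptions; run it with an account that is allowed to read the Security log.

```powershell
# Added example, not from the thread. Assumed DC names and window; event IDs 4624
# (successful logon) and 4768 (Kerberos TGT request) are assumed to be the ones
# a WinSec poller reads. Run as an account with read access to the Security log.
param(
    [string[]]$DomainControllers = @('dc1.example.local', 'dc2.example.local'),
    [int]$Minutes = 60
)

$since = (Get-Date).AddMinutes(-$Minutes)
$results = foreach ($dc in $DomainControllers) {
    try {
        $events = Get-WinEvent -ComputerName $dc -FilterHashtable @{
            LogName   = 'Security'
            Id        = 4624, 4768
            StartTime = $since
        } -ErrorAction Stop
    } catch {
        # Covers "no events found" as well as RPC blocked or missing read rights.
        Write-Warning "$dc : $($_.Exception.Message)"
        continue
    }
    foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            DC       = $dc
            Time     = $e.TimeCreated
            EventId  = $e.Id
            User     = $data['TargetUserName']
            SourceIp = $data['IpAddress']   # may be '-' or '::ffff:x.x.x.x'
        }
    }
}

# Machine accounts (trailing $) and ANONYMOUS LOGON are noise for an FSSO mapping.
$logons = $results | Where-Object {
    $_.User -and $_.User -notmatch '\$$' -and $_.User -ne 'ANONYMOUS LOGON'
}

# A DC with zero logons here has nothing for the poller to merge.
$logons | Group-Object DC | Select-Object Name, Count | Format-Table -AutoSize

# Latest source IP per user across both DCs: the merged view the poller should hold.
$logons | Sort-Object Time | Group-Object User | ForEach-Object {
    $last = $_.Group[-1]
    [pscustomobject]@{
        User   = $_.Name
        LastIp = $last.SourceIp
        SeenOn = ($_.Group.DC | Sort-Object -Unique) -join ','
    }
} | Format-Table -AutoSize
```

If the second DC shows logons here but the FortiGate never lists them, the DC is producing the events and the gap is on the polling side rather than in the domain.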