Using FortiGate 60D on 5.0.9. FSSO collector agent has been and is working pretty much as expected. E.g., I can see FSSO login events associating users to their IPs.
But some IPs are losing their userID associations in the traffic logs, including web filtering logs. It is not a timeout issue because the user I'm investigating shuts down every night and logs in every morning. It has been this way for over a month now: no userID is associated with the user's IP for the past month. Some other users on this firewall are okay, that is, their userIDs are associated with the IP they are working from.
We've tried the following to fix the userID/IP that is not working:
- Restarted the FortiGate because I thought that perhaps an internal table was getting messed up, but the situation remained the same.
- Tried a Deauthorize option. Couldn't find any documentation for it, but if you bring up the Device manager in FortiManager and then Query then User in the menu, you see a list of users and their user groups. I saw my user and her groups in there. You get an option to Deauthorize if you right-click. That seems to clear out the list including my user's. But it didn't make any difference. Her userID and groups reappeared in the list, but her userID is still not appearing in the traffic logs.
- Restarted the Single Sign On Agent Service on the domain controller.
- It is a laptop, but we confirmed that the wifi is not being used. We thought maybe there was some IP confusion.
- We had the user log into a terminal server where the SSO agent is running. The user did get the correct results there.
- Next we're going to force the laptop to a new IP. I don't have the results yet.

Anyone have a fix or other ideas?
Thanks!