I have a new setup and am having an issue with the SSO. If I log in to a laptop that has a wired and a wireless connection, the SSO will only pick up one address. Also, if I'm on wired and authenticated and switch to wireless, the firewall doesn't pick that up and change to the new IP.
Has anyone else had this issue or worked around it?
Created on 04-18-2017 12:22 AM
Hello Bobby,
You are probably hitting a limitation of FSSO, as it uses the Active Directory logon events to "map" the user to an IP, and as Windows selects only the fastest interface for network traffic (actually the one with the best metric), the logon occurs only through one of the interfaces/IPs.
You can check whether this is the case by locking/unlocking the PC when alternating between wired/wireless (although you still have the event reading interval if you are not using the AD Agent).
If you are using 802.1x on wireless, you could "anticipate" the IP detection by integrating RADIUS Accounting with RSSO, combining RSSO with FSSO to keep the FortiGate "aware" of all IPs that the user has.
If you are not using 802.1x or the RSSO option is not possible, enabling the CLI option "set ntlm enable" may reduce the issue, as your users will be asked for authentication if the IP is not mapped on the FortiGate. The NTLM popup in the browser can also be eliminated by adjusting the browser trust to include the FGT address.
If you need anything else, please drop a note!
Regards,
Felicio Santos, CAPM
HP MASE FlexNetwork v1, MCITP 2008 SRV, ENT, ENT Messaging
FTNT FCNSA v5 / MCSE NT,2000,2003 / MCSA 2000,2003,2008+SEC,Office365 / Network+
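
The mapping gap described in the reply above, as an added illustration that is not part of the original posts and is not Fortinet code: a simplified model of a user-to-IP table fed first by AD logon events only, then by logon events plus RADIUS accounting records. The addresses, timestamps, record layout and function names are constructed for the example.

```python
# Constructed sample data: one user on a laptop with a wired and a wireless address.
WIRED, WIRELESS = "10.0.1.50", "10.0.2.77"

# What a logon-event reader sees: the AD logon left through the wired interface only.
LOGON_EVENTS = [{"time": 100, "user": "bobby", "ip": WIRED}]

# 802.1X accounting records from the wireless side (standard RADIUS attribute names).
RADIUS_ACCOUNTING = [
    {"time": 160, "Acct-Status-Type": "Start", "User-Name": "bobby", "Framed-IP-Address": WIRELESS},
    {"time": 900, "Acct-Status-Type": "Stop", "User-Name": "bobby", "Framed-IP-Address": WIRELESS},
]

def build_user_map(logons, accounting=(), until=None):
    """Replay events in time order and return the resulting {ip: user} table."""
    events = [(e["time"], "add", e["ip"], e["user"]) for e in logons]
    for r in accounting:
        action = {"Start": "add", "Interim-Update": "add", "Stop": "del"}.get(r["Acct-Status-Type"])
        if action:
            events.append((r["time"], action, r["Framed-IP-Address"], r["User-Name"]))
    table = {}
    for when, action, ip, user in sorted(events):
        if until is not None and when > until:
            break
        if action == "add":
            table[ip] = user
        elif table.get(ip) == user:  # only the owner's Stop clears the entry
            del table[ip]
    return table

def unmapped_sources(source_ips, table):
    """Source addresses the firewall would treat as unauthenticated."""
    return [ip for ip in source_ips if ip not in table]

if __name__ == "__main__":
    traffic = [WIRED, WIRELESS]
    print("logon events only:", unmapped_sources(traffic, build_user_map(LOGON_EVENTS)))
    both = build_user_map(LOGON_EVENTS, RADIUS_ACCOUNTING, until=200)
    print("with accounting  :", unmapped_sources(traffic, both))
```
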