
BobbVand

FSSO Issues

I have a new setup and am having an issue with the SSO. If I log in to a laptop that has a wired and a wireless connection, the SSO will only pick up one address. Also, if I'm on wired and authenticated and switch to wireless, the firewall doesn't pick that up and change to the new IP.

Has anyone else had this issue or worked around it?


Hello Bobby,

You are probably running into a limitation of FSSO: it uses the Active Directory logon events to "map" the user to an IP, and since Windows selects only the fastest interface for network traffic (actually the one with the best metric), the logon occurs only through one of the interfaces/IPs.

You can check if locking/unlocking the PC when alternating between wired/wireless changes this (although you still have the event reading interval if you are not using the AD Agent).

If you are using 802.1x on wireless, you could "anticipate" the IP detection by integrating RADIUS Accounting with RSSO, combining RSSO with FSSO to keep the FortiGate "aware" of all the IPs that the user has.

If you are not using 802.1x, or the RSSO option is not possible, maybe enabling the CLI option "set ntlm enable" could reduce the issue, as your users will be asked for authentication if their IP is not mapped on the FortiGate. The NTLM popup in the browser could also be eliminated by adjusting the browser trust to include the FGT address.

If you need anything else, please drop a note!

Regards,

Felicio Santos, CAPM
HP MASE FlexNetwork v1, MCITP 2008 SRV, ENT, ENT Messaging
FTNT FCNSA v5 / MCSE NT,2000,2003 / MCSA 2000,2003,2008+SEC,Office365 / Network+
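To make the mechanism in the reply concrete, here is an added example (not FortiGate or Fortinet code) that models the firewall's IP-to-user table being fed by FSSO logon events and by RSSO RADIUS accounting, over a constructed event stream. It assumes a simplified model: one table, no polling interval, no group membership, and a `None` result standing in for "unmapped source IP, fall back to the NTLM challenge".

```python
"""Model of an SSO identity table fed by FSSO and RSSO (added example, not FortiOS code)."""
from dataclasses import dataclass, field


@dataclass
class SsoTable:
    # ip -> user: the mapping the firewall consults to identify a flow's source
    ip_to_user: dict = field(default_factory=dict)

    def ad_logon(self, user, ip):
        # FSSO: an AD logon event carries only the IP the logon went over.
        # Windows picks that interface by metric, so a second interface stays unmapped.
        self.ip_to_user[ip] = user

    def radius_acct(self, status, user, framed_ip):
        # RSSO: RADIUS Accounting-Request Start/Stop per session (e.g. 802.1X wireless)
        if status == "Start":
            self.ip_to_user[framed_ip] = user
        elif status == "Stop":
            self.ip_to_user.pop(framed_ip, None)

    def identify(self, ip):
        # Mapped user, or None meaning the policy must fall back to an NTLM challenge
        return self.ip_to_user.get(ip)


def replay(events):
    table = SsoTable()
    for ev in events:
        if ev["src"] == "fsso":
            table.ad_logon(ev["user"], ev["ip"])
        elif ev["src"] == "rsso":
            table.radius_acct(ev["status"], ev["user"], ev["ip"])
    return table


# Constructed sample: bobby logs on over wired (best metric), then associates to wireless
EVENTS = [
    {"src": "fsso", "user": "bobby", "ip": "10.0.1.50"},
    {"src": "rsso", "status": "Start", "user": "bobby", "ip": "10.0.2.77"},
]


def fsso_only_view():
    return replay([e for e in EVENTS if e["src"] == "fsso"])


def combined_view():
    return replay(EVENTS)


if __name__ == "__main__":
    for name, tbl in (("FSSO only", fsso_only_view()), ("FSSO+RSSO", combined_view())):
        for ip in ("10.0.1.50", "10.0.2.77"):
            print(name, ip, tbl.identify(ip) or "unmapped -> NTLM challenge")
```

With FSSO alone the wireless address never gets a user, which is exactly the symptom in the question; with RSSO accounting added, both addresses resolve, and a Stop record clears the wireless entry when the session ends.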