Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

HubeWisn
New Contributor

FSSO

Hi

in large network there are many branch FGTs, different models from low to high end models. Users use AD and FSSO and the collector sends all active users to all FGTs. Is there any limit? Or do you know any optimization methods how to protect low end FGTs? If there are many users in the organization, the low end devices can be "overwhelmed" by the number of information they receive. Any idea how to deal with it?
2 REPLIES 2
dred_FTNT
Staff
Staff

You can use "Global pre-filter" of the FortiGate filtering to limit groups to specific subset of groups that are needed.   Only groups in the pre-filter will be included in the SSO session on the FAC.  The groups in the SSO session can be further limited on a per-FortiGate basis by configuring a FortiGate filtering object for each individual FortiGate.

David Redberg Fortinet Product Manager
HubeWisn

This is what I was looking for! Many thanks David