Description
This article describes the necessary configuration for FortiAuthenticator to act as Collector Agent in Polling mode.
Scope
FortiAuthenticator 6.6.2, FortiGate.
Solution
Step 1.
On the FortiGate, an external Connector is added pointing to the FortiAuthenticator.
The User/Groups can be seen or tailored as per the requirements.
Step 2.
- In FortiAuthenitcator, navigate to Fortinet SSO > Settings > FortiGate, enable the authentication by giving the secret key
- Under Fortinet SSO -> Settings -> FortiGate -> Methods, enable 'Windows event log polling' and other necessary settings as per the environment.
- Navigate now to Fortinet SSO -> Methods -> Windows Event log.
- Add the server details as per windows-event-log.
Details to be added:
- NetBIOS name.
- Display name.
- IP.
- Account.
- Password.
- Server type used.
Adding these should have the server enabled and running.
Step 3.
Now, the event logs are seen on the FortiAuthenticator.
Navigate to Monitor -> SSO -> SSO sessions.
If there are specific events to be polled, it is possible to configure by List of Windows event log polling.
The following are useful logs in case there are any issues seen , in this example the FortiAuthenticator IP is 10.10.10.10.
Navigate to the FortiAuthenticator IP, https://10.10.10.10/debug, and look at Single Sign On -> FSSO Agent for any errors.
A successful snippet will show the following:
05/14/2025 17:43:08 [EEEA66C0] Domain Manager [DEBUG]: Found 'IT' in LDAP search in domain DC=startrek,DC=fortinet,DC=lab: CN=IT,OU=LABou,DC=startrek,DC=fortinet,DC=lab
05/14/2025 17:43:08 [EEEA66C0] Domain Manager [DEBUG]: Found user (IT) groups in domain startrek.fortinet.lab
05/14/2025 17:43:08 [EEEA66C0] Group Cache [DEBUG]: try to add startrek.fortinet.lab/IT
05/14/2025 17:43:08 [EEEA66C0] Group Cache [DEBUG]: try to add startrek.fortinet.lab/IT((null))
05/14/2025 17:43:08 [EEEA66C0] Group Cache [INFO]: added: startrek.fortinet.lab/IT
