FortiGate
FiFa_FTNT
Staff
Article Id 191924

Description

This article provides an explanation of how to configure FSSO for failover.


Solution

In this scenario, two DCs are used: a 2008 server and a 2012 server. FSSO version 5.0.0237 is installed on both DCs. Only one FSSO collector agent is connected to the FortiGate unit at a time.

fhajek_FD36603_tn_FD36603-1.jpg

The FortiGate configuration is shown below:

fhajek_FD36603_tn_FD36603-2.jpg

fhajek_FD36603_tn_FD36603-3.jpg

The 2012 server shows as connected to the FortiGate, and the IP address of the 2012 server is displayed in bold. The FSSO service is now stopped on the 2012 server (alternatively, simulate that the 2012 DC is not reachable).

fhajek_FD36603_tn_FD36603-4.jpg

The FortiGate then switches to the next FSSO collector agent specified in the configuration.

fhajek_FD36603_tn_FD36603-5.jpg

In the CLI, the configuration is as follows:

config user fsso
    edit "fsso"
        set server "10.94.0.173"
        set server2 "10.94.0.174"
    next
end


FGVM010000018394 # diag debug authd fsso server-status

Server Name     Connection Status     Version
-----------     -----------------     -------
fsso            connected             FSSO 5.0.0237
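
The Python example below is added here and is not part of the original article or any Fortinet tool. It parses the "config user fsso" block and the "diag debug authd fsso server-status" output shown above and reports FSSO entries that have no second collector agent or are not connected. The sample input is constructed; the "fsso-single" entry and the "disconnected" status string are assumptions.

```python
import re
# Constructed sample input modelled on the CLI text in this article.
# "fsso-single" and the "disconnected" status string are hypothetical.
SAMPLE_CONFIG = '''config user fsso
    edit "fsso"
        set server "10.94.0.173"
        set server2 "10.94.0.174"
    next
    edit "fsso-single"
        set server "10.94.0.173"
    next
end'''
SAMPLE_STATUS = '''Server Name     Connection Status     Version
-----------     -----------------     -------
fsso            connected             FSSO 5.0.0237
fsso-single     disconnected'''

def parse_fsso_config(text):
    """Map each FSSO entry name to its collector agents in failover order."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        edit = re.match(r'edit "?([^"]+)"?$', line)
        server = re.match(r'set (server\d*) "?([^"]+)"?$', line)
        if edit:
            current = edit.group(1)
            entries[current] = {}
        elif server and current is not None:
            entries[current][server.group(1)] = server.group(2)
    order = lambda key: int(key[len("server"):] or 1)  # server, server2, ...
    return {n: [s[k] for k in sorted(s, key=order)] for n, s in entries.items()}

def parse_server_status(text):
    """Map each server name to the value of its Connection Status column."""
    status = {}
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())  # columns are space-padded
        if len(cols) >= 2 and cols[0] != "Server Name" and set(cols[0]) != {"-"}:
            status[cols[0]] = cols[1]
    return status

def audit(config_text, status_text):
    """List (entry, problem) pairs: no second agent, or not connected."""
    findings, status = [], parse_server_status(status_text)
    for name, agents in parse_fsso_config(config_text).items():
        if len(agents) < 2:
            findings.append((name, "no failover collector agent configured"))
        if status.get(name, "missing") != "connected":
            findings.append((name, "not connected: " + status.get(name, "missing")))
    return findings
```

Calling audit(SAMPLE_CONFIG, SAMPLE_STATUS) returns findings only for "fsso-single"; the "fsso" entry from this article, with two collector agents and a connected status, produces none.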
