kbahrudin_FTNT (Staff)
Created on 11-27-2016 06:22 PM
Edited on 09-19-2023 09:07 AM by Anthony_E
Article Id 191517
Description
This article explains how to allow FortiGate to poll a Windows Domain Controller directly (without a Collector Agent).
Scope
Agentless Polling-mode FSSO.
Prerequisites:
- Ensure you have administrative rights on the Windows Server or Domain Controller.
- Make sure the FortiGate device is running firmware version 5.0 or above.
- Back up the current Windows Server or Domain Controller configuration and settings for safety.
Solution
FortiGate 5.0 and above can directly poll a Windows Server or Windows Domain Controller for user logon information without using the Collector Agent.
On the Windows Server or Windows Domain Controller, press Windows+R to run a program.
Type gpmc.msc and press Enter.
Once gpmc.msc is running:
- Go to Group Policy Management -> Forest: domain -> Domains -> domain -> right-click Default Domain Policy and select Edit.
- Go to Group Policy Management Editor -> Computer Configuration -> Policies -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile.
- Right-click Allow inbound remote administration exception and select Edit -> select Enabled, then select Apply and OK.
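
To confirm the setting has reached the server after the policy refreshes, a check like the following can be run in an elevated PowerShell session on the domain controller. It is an added example, not part of the original article: the function name is hypothetical, and the registry key and value names are those the Windows Firewall administrative template writes for this setting, which covers inbound TCP 135 and 445.

```powershell
# Added example: check that "Allow inbound remote administration exception"
# (Domain Profile) has reached this server. Run elevated, after the policy
# has refreshed (for example after `gpupdate /force`).

# Key written by the Windows Firewall administrative template for this setting.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings'

function Test-RemoteAdminException {   # hypothetical helper name
    param([string]$Path = $PolicyKey)

    $result = [ordered]@{
        PolicyKeyPresent = Test-Path -Path $Path
        Enabled          = $false
        AllowedSources   = $null
        ListeningPorts   = @()
        Findings         = @()
    }

    if ($result.PolicyKeyPresent) {
        $values = Get-ItemProperty -Path $Path
        $result.Enabled        = ($values.Enabled -eq 1)
        $result.AllowedSources = $values.RemoteAddresses
    }

    if (-not $result.Enabled) {
        $result.Findings += 'Exception is not enabled by policy; check the GPO link and refresh.'
    }
    elseif ($result.AllowedSources -eq '*') {
        # The policy has an address field; "*" means every source is accepted.
        $result.Findings += 'Exception accepts any source address; consider listing only the FortiGate address.'
    }

    # The exception covers TCP 135 and 445; confirm the services are listening.
    $result.ListeningPorts = @(
        Get-NetTCPConnection -State Listen -LocalPort 135, 445 -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty LocalPort -Unique | Sort-Object
    )
    foreach ($port in 135, 445) {
        if ($port -notin $result.ListeningPorts) {
            $result.Findings += "Nothing is listening on TCP $port."
        }
    }

    [pscustomobject]$result
}

Test-RemoteAdminException | Format-List
```

An empty Findings list means the policy is enabled, scoped to specific addresses, and both ports are listening.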