
Created on 03-25-2021 12:08 AM Edited on 11-23-2021 08:07 AM By Anonymous
Description
This article describes how to add applications to an exempt list in the Terminal Server (TS) Agent to ensure that the application traffic does not use the user-allocated port range.
Solution
From FSSO version 5.0.0293 (version 5.0.0294 was released with FortiOS 6.4.3 and 6.2.6), Terminal Server Agents support the option of exempting specific applications from port allocation.
This can be done by adding a registry key and pointing it to the proper application names.
The names should be the same as the name of the process that opens the TCP/UDP sockets.
The process name can be checked via commands such as 'netstat'.
To add applications:
1) Shut down the TS Agent service (Win+R, services, scroll down to 'Fortinet SSO Terminal Server Agent', right-click, Stop).
2) Open registry (Win+R, regedit).
3) Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FSAE\TSAgent
4) Select an empty section and select New -> String Value.
5) Name it 'IgnoreAppList'.
6) Select the new entry, and select 'Modify'.
7) Add the executables to be ignored (for example, atrium.exe or firefox.exe), separated with a semicolon.
8) Start the service again (Win+R, services, scroll down to 'Fortinet SSO Terminal Server Agent', right-click, Start).

To check the process names with netstat, open a Command Prompt in Windows with administrative privileges.
-> Type 'netstat -anb'.
-> This will dump a slew of TCP and UDP ports, along with the associated applications.
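
The registry procedure and the netstat check above can be scripted. The following PowerShell is an added example, not code from Fortinet or from the original article; the application list is a constructed sample, and the script assumes the service display name and registry path given in the steps above. It also merges the new names with any existing 'IgnoreAppList' value, which goes beyond the manual steps, and its socket check covers TCP only.

```powershell
# Added example (not Fortinet code). Run from an elevated PowerShell session.
$AppsToExempt = @('atrium.exe', 'firefox.exe')   # constructed sample list
$KeyPath      = 'HKLM:\SOFTWARE\WOW6432Node\Fortinet\FSAE\TSAgent'
$ValueName    = 'IgnoreAppList'
$ServiceLabel = 'Fortinet SSO Terminal Server Agent'   # display name from the Services console

# Accept only bare image names: no path and no semicolon, which is the list separator.
foreach ($app in $AppsToExempt) {
    if ($app -notmatch '^[^\\/;:"<>|*?]+\.exe$') { throw "Not a bare executable name: '$app'" }
}
if (-not (Test-Path $KeyPath)) { throw "TS Agent registry key not found: $KeyPath" }

# Names of processes that currently own TCP sockets (Get-Process reports them without '.exe').
$socketOwners = Get-NetTCPConnection |
    ForEach-Object { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } |
    Sort-Object -Unique
foreach ($app in $AppsToExempt) {
    if ($socketOwners -notcontains ($app -replace '\.exe$', '')) {
        Write-Warning "$app owns no TCP socket right now; confirm the name with netstat -anb."
    }
}

# Merge with any existing value so earlier exemptions survive; de-duplication ignores case.
$existing = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
$merged = @($existing -split ';') + $AppsToExempt |
    ForEach-Object { "$_".Trim() } | Where-Object { $_ } | Sort-Object -Unique

# Steps 1-8: stop the agent, write the string value, start the agent again even if the write fails.
$svc = Get-Service -DisplayName $ServiceLabel -ErrorAction Stop
$svc | Stop-Service
try {
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType String `
        -Value ($merged -join ';') -Force | Out-Null
}
finally {
    $svc | Start-Service
}

# Read the value back so the change can be reviewed or logged.
(Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
```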