FrankY1
Staff
Article Id 364887
Description This article provides details of what FSSO collector agent events are expected when the status of an LDAP-connected Windows client machine changes. 
Scope FortiGate.
Solution

When the status of a domain-joined Windows client machine changes, the domain controller does not always generate a logon event.

The FSSO collector agent collects user logon events from domain controllers and forwards this information to FortiGate.

Refer to the table below for the domain controller security event and the collector agent (CA) event generated for each machine status change.

 

| Status Change | Authentication Method | Domain Controller Security Event | Collector Agent Event |
|---|---|---|---|
| Sleep -> Out of sleep | Local cache | None | None |
| Hibernate -> Out of hibernate | Local cache | None | None |
| Lock -> Unlock | Active Directory | Logon | Logon |
| Sign out -> Sign in | Active Directory | Logon | Logon |
| Shutdown -> Sign in | Active Directory | Logon | Logon |
| RDP to another machine (Non-RDS server) | Active Directory | Logon | Override (RDP client username is passed to the server) |

 
