aahmadzada
Staff
Article Id 222309

Description

 

This article describes how the 'Sync configuration with other agents' option works in the FSSO collector agent.

 

Scope

 

The Fortinet Single Sign-On (FSSO) Collector Agent in any supported version of FortiGate.

 

Solution

 

Up to 5 FSSO Collector Agents can be configured within one FSSO fabric connector.

FSSO redundancy works on the 'connect-and-stick' principle: as soon as the Fabric connector is configured, the FortiGate tries to connect to the collector agents, starting from the first entry (known as the primary agent). Once it establishes a connection with that collector agent, it keeps communicating with it unless the agent becomes unresponsive, in which case it falls back to the next FSSO collector (the secondary agent) and stays on it until the secondary becomes unresponsive. Afterward, it tries to connect to the primary agent again if it is available.
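The connect-and-stick behaviour described above, modelled as an added example (this is not Fortinet code and not FortiGate's actual implementation). The agent names and the availability timeline are constructed, and the wrap-around scan order for more than two agents is an assumption of this model.

```python
# Illustrative model only: not Fortinet code. Agent names and the
# availability timeline below are constructed sample data.

def next_agent(agents, current, responsive):
    """Return the agent the FortiGate uses after one health check.

    agents     -- ordered list from the fabric connector (first = primary)
    current    -- agent currently connected, or None before first connect
    responsive -- set of agents answering at this moment
    """
    if len(agents) > 5:
        raise ValueError("a fabric connector holds at most 5 collector agents")
    # Stick: a responsive current agent is never abandoned, even if an
    # earlier entry (such as the primary) has come back.
    if current in responsive:
        return current
    # Initial connect starts at the first entry; after a failure the scan
    # starts at the entry following the failed one and wraps around
    # (wrap-around for more than two agents is an assumption of this model).
    start = 0 if current is None else agents.index(current) + 1
    for offset in range(len(agents)):
        candidate = agents[(start + offset) % len(agents)]
        if candidate in responsive:
            return candidate
    return None  # no collector agent reachable


def simulate(agents, timeline):
    """Replay a list of 'responsive' sets; return the agent used at each step."""
    current, history = None, []
    for responsive in timeline:
        current = next_agent(agents, current, responsive)
        history.append(current)
    return history


AGENTS = ["ca-primary", "ca-secondary"]  # constructed names
TIMELINE = [
    {"ca-primary", "ca-secondary"},  # both up: connect to the first entry
    {"ca-secondary"},                # primary unresponsive: fall back
    {"ca-primary", "ca-secondary"},  # primary recovers: stay on secondary
    {"ca-primary"},                  # secondary unresponsive: back to primary
    set(),                           # nothing reachable
]

if __name__ == "__main__":
    for step, agent in enumerate(simulate(AGENTS, TIMELINE)):
        print(step, agent)
```

In the third step the model stays on the secondary even though the primary has recovered, so user identity information keeps coming from whichever agent was last connected.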

 

If the environment contains more than one FSSO Collector Agent, all of them have to be configured in exactly the same way to make sure that the user identity information is correctly delivered to the FortiGates and FortiProxies.

 

All the settings of the FSSO Collector agents must be configured manually except for the group filters and the ignored user lists.

 

Both of these parameters can be synced from one collector agent to one or more other agents.

Synchronization is done with the 'Sync configuration with other agents' option (a button on the FSSO Collector agent Configuration GUI).

 

This option allows group filters and ignored user lists to be pushed from the source FSSO Collector agent to all selected FSSO Collector agents.