Created on 10-26-2020 07:09 AM Edited on 03-15-2024 12:46 AM By Anthony_E
Description
This article describes how to run FSSO in a dual (or multi) NIC environment.
FSSO issues are quite often caused by simultaneous use of wired and Wi-Fi connections, especially on notebooks with docking stations, and less often on dual-NIC/dual-LAN standalone workstations.
The root cause of the issue is a single-IP A record in DNS.
In short (the behavior below was seen in Windows Server 2012 R2):
In a Microsoft environment, the single-IP A record is usually caused by the DNS and DHCP server setup, where DNS is set to be updated only by DHCP, which locks the records.
DHCP also updates the workstation's single A record in DNS with the very last assigned IP.
No secondary IP is created in DNS for the secondary network interface.
** Windows Server 2019 does support the same A record with 2 different IP addresses. **
For example:
In a bit more detail:
When Collector Agent resolves the workstation name through DNS (events from the DC mostly contain the NetBIOS hostname rather than the IP, so DNS resolution is crucial), or performs its periodic IP check, the workstation name resolves to just one IP from DNS: the Wi-Fi IP in the above-mentioned case, or, in general, the last IP assigned by DHCP.
Therefore, the FSSO user record is created/updated with one IP, because Collector Agent, based on the latest DNS record, believes that the workstation has just one NIC and one IP assigned to it.
To check whether that is the root cause, simply run nslookup on the machine where Collector is installed (most probably the DC) to see the actual IP of the workstation after it connects to wired, and then again when it connects to Wi-Fi.
Only one IP will ever be visible.
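The same check can be scripted on the Collector Agent machine. The following is an added example, not Fortinet code: the workstation name, the NIC addresses, and the helper name Compare-DnsToNics are constructed placeholders, and the NIC addresses are assumed to be copied from ipconfig on the workstation.

```powershell
# Added example (not Fortinet code). Run on the machine where Collector Agent is installed.
# All default values below are constructed samples; replace them with real ones.
param(
    [string]   $Workstation  = 'WS-EXAMPLE01',                 # hypothetical workstation name
    [string[]] $NicAddresses = @('192.0.2.10', '192.0.2.110')  # wired and Wi-Fi IPs from ipconfig
)

# Hypothetical helper: compares what DNS returns with what the workstation really holds.
function Compare-DnsToNics {
    param([string[]] $DnsAddresses, [string[]] $NicAddresses)

    # NIC addresses that DNS does not return for this hostname
    $missing = @($NicAddresses | Where-Object { $_ -notin $DnsAddresses })

    [pscustomobject]@{
        DnsAddresses = $DnsAddresses
        MissingInDns = $missing
        # True when the workstation has several IPs but DNS holds a single A record
        SingleRecord = ($DnsAddresses.Count -eq 1 -and $NicAddresses.Count -gt 1)
    }
}

# -DnsOnly skips LLMNR/NetBIOS so the answer comes from DNS, as it does for nslookup.
# If a stale cached answer is suspected, run Clear-DnsClientCache before this query.
$records = Resolve-DnsName -Name $Workstation -Type A -DnsOnly -ErrorAction Stop
$dnsIps  = @($records | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

$result = Compare-DnsToNics -DnsAddresses $dnsIps -NicAddresses $NicAddresses
$result | Format-List

if ($result.SingleRecord) {
    Write-Warning ("{0} resolves only to {1}; not in DNS: {2}. The FSSO record will follow the DNS address only." -f `
        $Workstation, ($dnsIps -join ', '), ($result.MissingInDns -join ', '))
}
```

Run it once after the workstation connects to wired and again after it connects to Wi-Fi; if the single DNS address changes between runs while the other NIC address stays listed under MissingInDns, the setup matches the behavior described above.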
Solution