Created on 04-18-2023 10:35 PM Edited on 11-24-2024 06:28 AM By Jean-Philippe_P
This article describes the two operational modes for Fortinet Single Sign On Collector Agent (FSSO-CA).
FSSO Collector Agent.
Fortinet Single Sign-On Collector Agent (FSSO-CA):
FSSO-CA is a software developed by Fortinet Inc. That fulfills the function of a collector agent for domain logon events, it can be installed on a DC or on any other server that belongs to the domain to work with.
FSSO-CA can work in two operation modes 'DC Agent' or 'Polling';
DC Agent mode.
Workflow.
To select this work mode, open FSSO-CA as administrator, Select Show Monitored DCs -> Select DC to Monitor... and select DC Agent Mode. (this work mode may require a server reboot for the first time).
Polling Mode.
Polling Method | Main features | Some issues |
NetAPI |
Polls the NetSessionEnum function every 9 seconds or less. Retrieves login sessions including DC login events. |
Faster but, if DC has a heavy system load some login events can be missed. |
WinSecLog |
Polls all security events on DC every 10 seconds or more Only parses known event IDs by collector agent. (poller ID) |
Log latency if the network is large or the system is slow. Requires fast network links. Some workstation names may be lost.
|
WMI |
DC returns all requested login events every 3 seconds. Improves WinSec bandwidth usage. |
Some workstation names may be lost. |
Workflow.
To select this work mode, open FSSO-CA as administrator, select Show Monitored DCs -> Select DC to Monitor... and select Polling Mode.
Related articles:
Technical Tip: Downloading FSSO agent software
Technical Tip: Configure FSSO in DC Agent mode
Technical Tip: FSSO Agent in polling mode
Technical Tip: Windows event IDs used by FSSO in WinSec polling mode
Technical Tip: FSSO Windows Directory Access Methods - Standard versus Advanced Mode
Technical Tip: FSSO Group Filter configured on Collector Agent
Technical Tip: Restricting a Fortinet Single Sign On Agent Service (FSSO) service account
Troubleshooting Tip: FSSO Complete troubleshooting for TAC tickets
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.