Description | This article describes how FSSO agentless polling obtains the IP address of the machine where the user authenticates. |
Scope | FortiGate. |
Solution |
To demonstrate the behavior, a wrong IP address was set in DNS for the hostname machine1.fortinetmnl.com, to test whether agentless polling mode FSSO authentication depends on resolving the machine's hostname to determine the source IP of the host sending the authentication.
The real IP address of the test machine where I authenticated username 'avaldez'.
The DNS record for machine1.fortinetmnl.com is 10.115.1.251, but the real IP of the machine is 10.115.4.252. Authentication for 'avaldez' was triggered on machine 10.115.4.252, hostname machine1.fortinetmnl.com, which is resolvable to IP address 10.115.4.251. Here is the FSSO agentless polling output for that authentication.
kvm34 # diag firewall auth list
024-03-04 21:28:20 [fsso_ldap_session_state:82] ldap session state transit from init->user
Result: FSSO agentless polling does not depend on the DNS record of the machine to get the IP address from which the user authenticates.
Related reference on FSSO agentless polling: Troubleshooting Tip: How to troubleshoot FSSO agentless polling mode issue |
Copyright 2024 Fortinet, Inc. All Rights Reserved.