Description
Scope
AD, FSAE, Collector Agent, IP address, FortiGate
Solution
Open [HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FSAE\dcagent\ca] and rename the existing key. Use the new IP address as the name of the object instead of old IP address.
The output should be similar to the following display.
This article explains how to change the IP address of the Domain Controller where the Collector Agent component is installed. It does not provide any details regarding Active directory changes required to perform DC address change, refer to Microsoft documentation for more information.
Scope
AD, FSAE, Collector Agent, IP address, FortiGate
Solution
After having modified the IP address and performed all of the necessary changes in order to get AD up and running properly, the next steps are to apply the IP address to FSAE configuration.
1. Modify DCAgent registry entry and point to the new IP.
1. Modify DCAgent registry entry and point to the new IP.
Open [HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FSAE\dcagent\ca] and rename the existing key. Use the new IP address as the name of the object instead of old IP address.
2. If FSAE is being used in Advanced mode and the Collector agent is configured to point to itself, then from the FSAE config screen chose Select Domains To Monitor
3. Select the domain from the list > Settings.
4. If previously custom IP was specified either remove it to use system default or set it to new server IP address. There is no need to modify this setting if running in Standard mode.
5. Modify User > Directory service settings on the FortiGate and point to new IP address.
6. Verify that the FortiGate is talking to the Collector agent by running from CLI
| diagnose debug en diagnose debug authd fsae server-status |
| Server Name Connection Status ----------- ----------------- FortiAD connected |
