FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Nivedha
Staff
Staff
Article Id 284137
Description This article describes how to check the users logged in using FSSO.
Scope FortiGate.
Solution

Users logged into SSL VPN are considered as firewall users and users logging into a domain-joined machine are FSSO users.

 

To view FSSO users, Navigate to Dashboard -> User and Devices -> Firewall users, and on the right side top, select 'Show all FSSO Logons'.


FSSO.PNG

 

Note:
On the latest FortiOS version 7.0.13+, 'Show all FSSO Logons' should be enabled from the Firewall Users setting.

Firewall_User.PNG Firewall_User_2.PNG


From v7.4.x, User and Devices Dashboard is moved to Asset and Identities on FortiGate. To View FSSO users, navigate to Dashboard -> Asset and Identities -> Firewall users, and on the right side top, select 'Show all FSSO Logons': Updated Dashboard and FortiView.

 

It is even possible to list the FSSO users using the following command in CLI:

 

diagnose debug authd fsso list

 

Knowing the user or IP, the output can be filtered using 'grep', for example:

 

diagnose debug authd fsso list | grep -i user123

 

Alternatively, the output can be made readable by showing all the users the firewall knows, more closely to what the dashboard of Firewall users shows:


diagnose firewall auth list


Analogie to the previous command, it can be filtered too, using grep.

 

diagnose firewall auth list | grep -i -A 7 user123