Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Somashekara_Hanumant
Staff
Staff

Created on ‎08-27-2024 06:30 AM

Article Id 336725

Technical Tip: How to clear single FSSO user logon event

Description This article describes how to clear a single FSSO user login event from FortiGate.
Scope FortiGate with the Fortinet Single Sign-On Agent.
Solution

Using the FSSO collector agent it is not possible to clear a single user logon event, however, using FortiGate it is possible to clear the single FSSO user logon event using the below commands.

 

Check all the FSSO users by using the below command:

 

FGT # diagnose debug authd fsso list
----FSSO logons----
IP: 10.86.9.42 User: SSLVPN2 Groups: DXBLAB/SSLVPNGRP Workstation: BOSON-KVM62 MemberOf: DXBLAB/SSLVPNGRP
IP: 10.87.9.42 User: SSLVPN1 Groups: DXBLAB/SSLVPNGRP Workstation: BOSON-KVM52 MemberOf: DXBLAB/SSLVPNGRP

IP: 10.87.9.78 User: ADMINISTRATOR Groups: DXBLAB/SCHEMA ADMINS+DXBLAB/DOMAIN USERS+DXBLAB/DOMAIN ADMINS+DXBLAB/ENTERPRISE ADMINS+DXBLAB/GROUP POLICY CREATOR OWNERS+DXBLAB/DENIED RODC PASSWORD REPLICATION GROUP+DXBLAB/ADMINISTRATORS+DXBLAB/REMOTE DESKTOP USERS+DXBLAB/USERS Workstation: BOSON-KVM78 MemberOf: DXBLAB/SCHEMA ADMINS DXBLAB/DOMAIN USERS DXBLAB/DOMAIN ADMINS DXBLAB/ENTERPRISE ADMINS DXBLAB/GROUP POLICY CREATOR OWNERS DXBLAB/DENIED RODC PASSWORD REPLICATION GROUP DXBLAB/ADMINISTRATORS DXBLAB/REMOTE DESKTOP USERS DXBLAB/USERS

 

Using the below command, it is possible to clear a single FSSO user login event:

 

FGT # diagnose debug authd fsso filter user ADMINISTRATOR --> Set the username as displayed from the above command, also options below are available.

 

clear Clear all filters.
source Source IP address.
user User name.
group Group name.
server FSSO agent name.

 

FGT # diagnose debug authd fsso list  --> Verify whether there is the same user alone after setting the filter or not.

 

IP: 10.87.9.78 User: ADMINISTRATOR Groups: DXBLAB/SCHEMA ADMINS+DXBLAB/DOMAIN USERS+DXBLAB/DOMAIN ADMINS+DXBLAB/ENTERPRISE ADMINS+DXBLAB/GROUP POLICY CREATOR OWNERS+DXBLAB/DENIED RODC PASSWORD REPLICATION GROUP+DXBLAB/ADMINISTRATORS+DXBLAB/REMOTE DESKTOP USERS+DXBLAB/USERS Workstation: BOSON-KVM78 MemberOf: DXBLAB/SCHEMA ADMINS DXBLAB/DOMAIN USERS DXBLAB/DOMAIN ADMINS DXBLAB/ENTERPRISE ADMINS DXBLAB/GROUP POLICY CREATOR OWNERS DXBLAB/DENIED RODC PASSWORD REPLICATION GROUP DXBLAB/ADMINISTRATORS DXBLAB/REMOTE DESKTOP USERS DXBLAB/USERS
Total number of logons listed: 1, filtered: 2

 

FGT # diagnose debug authd fsso clear-logons   --> This command clears the logon event for the above set user.

 

FGT # diagnose debug authd fsso filter clear   --> Clear the filter set.

 

FGT # diagnose debug authd fsso list   --> Verify the User list again and check whether the above user is cleared or not.

IP: 10.86.9.42 User: SSLVPN2 Groups: DXBLAB/SSLVPNGRP Workstation: BOSON-KVM62 MemberOf: DXBLAB/SSLVPNGRP
IP: 10.87.9.42 User: SSLVPN1 Groups: DXBLAB/SSLVPNGRP Workstation: BOSON-KVM52 MemberOf: DXBLAB/SSLVPNGRP

 

359
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.