Technical Tip: How to verify DC agent FSSO is send...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 396294

Description

This article describes how to verify user authentication information on FortiGate, which the DC agent sends.

Scope

FortiGate.

Solution

FSSO is configured on FortiGate.
Refer to the article below to configure FSSO in DC Agent mode.

Technical Tip: Configure FSSO in DC Agent mode.

Run the debug command below to verify that user information is sent by the DC Agent to FortiGate

diagnose debug application authd 8256
diagnose debug enable <----- To enable debugging.

Example output.

[_process_logon:1082]: TEST (192.168.30.2, 0) logged on from Local FSSO Agent. <----- TEST is a user.
[_process_logon:1082]: TEST (192.168.30.2, 0) logged on from FSSO-test.ca. <----- FSSO external collector name.

The two debug outputs above show that auth information is sent from the DC Agent to FortiGate. FortiGate will add the user information to the FSSO auth list.

[_process_logoff:1179]: TEST (192.168.30.2, 0) logged off from Local FSSO Agent.

The log above shows that the DC Agent is sending log off information to the FortiGate.

Related articles:

155

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: How to verify DC agent FSSO is sending user authentication information to FortiGate

You are leaving our website