Description
This article describes how Active Directory (AD) logon messages are overwritten by the FSSO Collector Agent (CA) when FortiGate authentication with LDAP and AD FSSO are both configured on the Windows AD server.
With FortiGate FSSO, if a user cannot be authenticated by the Windows Active Directory domain but can be authenticated by LDAP, a new logon event is sent to the FSSO Collector Agent (CA).
The CA User Monitor will then show:
- the authenticated LDAP user
- the same user as FSSO
- the IP address of the LDAP server (e.g. 10.5.0.12)
Example: CA Logon users list before the LDAP authentication event:
Example: CA Logon users list after the LDAP authentication event:
Example: FortiGate User Monitor list after the authentication:
Solution
To prevent the original logon entry in the FSSO CA from being overridden, enable the "Disable RDP Override" option in the FSSO CA. This avoids capturing the logon event that Windows AD generates during LDAP authentication.
Note: If no AD user entry exists in the FSSO CA, the AD user account is ignored by the CA and a new entry will be shown: the LDAP user logged on at the AD DC server.
In the FSSO CA: Show Monitored DCs -> select the DC to monitor and enable "Disable RDP Override".
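The following is an added illustration, not Fortinet's code: a simplified, assumed model of the CA logon table that shows how the LDAP-triggered logon event replaces a user's workstation entry with the LDAP server address (10.5.0.12, as in the article) unless "Disable RDP Override" is enabled, plus a check that lists entries pointing at the LDAP/DC address, which is the symptom an administrator would look for in the User Monitor. The user names, the workstation address 10.5.1.50 and the table semantics are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample values; 10.5.0.12 is the LDAP server address quoted in the article.
LDAP_SERVER_IP = "10.5.0.12"


@dataclass(frozen=True)
class LogonEvent:
    user: str
    ip: str      # source address the CA attributes the logon to
    source: str  # "workstation" for a normal AD logon, "ldap" for the DC-generated one


def apply_events(events, disable_rdp_override):
    """Simplified, assumed model of the CA logon table: user -> IP.

    A first logon for a user always creates an entry. A later logon for the
    same user replaces the entry unless 'Disable RDP Override' is enabled,
    in which case the existing entry is kept and the new event is ignored.
    """
    table = {}
    for ev in events:
        if ev.user not in table:
            table[ev.user] = ev.ip
        elif not disable_rdp_override:
            table[ev.user] = ev.ip
    return table


def entries_on_ldap_server(table, ldap_ip=LDAP_SERVER_IP):
    """Users whose CA entry points at the LDAP/DC address: the symptom to look for."""
    return sorted(u for u, ip in table.items() if ip == ldap_ip)


# Constructed sequence: jdoe logs on at a workstation, then authenticates via LDAP
# (which produces a logon event sourced at the DC); ldaponly has no AD logon at all.
SAMPLE_EVENTS = [
    LogonEvent("jdoe", "10.5.1.50", "workstation"),
    LogonEvent("jdoe", LDAP_SERVER_IP, "ldap"),
    LogonEvent("ldaponly", LDAP_SERVER_IP, "ldap"),
]

if __name__ == "__main__":
    for flag in (False, True):
        table = apply_events(SAMPLE_EVENTS, flag)
        print(f"Disable RDP Override={flag}: {table} "
              f"-> entries on LDAP server: {entries_on_ldap_server(table)}")
```

With the option disabled, jdoe's entry is overwritten with the LDAP server address; with it enabled, the workstation entry survives, while a user with no AD logon still appears on the DC, matching the article's note.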