FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 193257



This article describes that the FSSO collector agent by default tries to detect workstation IP address changes by resolving the workstation host names via DNS.
The interval in which the IP address verification occurs is configured by the 'IP address change verify interval' timer shown in the below screenshot.

However, some corporate environments with large amounts of workstations can experience delays in workstation IP address verification regardless of what the timer is set to.
This mostly occurs when there are thousands of workstation host names queued for DNS resolution.



To mitigate this issue, FSSO collector agent v5.0.0301 and newer (released with FortiOS 6.4.7+ and 7.0.1+) adds multi-threading support for DNS resolution.
This option can be enabled under FSSO Collector Agent -> Advanced Settings -> General tab -> DNS lookup thread count.

By default, this option is set to '0' and only 1 worker/thread will be used.
However, if for example, the DNS lookup thread count is set to '10', the workstation hostname queue will be split into 10 smaller queues and each will be processed by a separate worker.

This can achieve up to 10x faster processing of the Workstation IP verification queue.


It is necessary to use different amounts of DNS lookup threads for different environments.
This will mostly depend on the workstation count, DNS servers response time, network delay, etc.

Screenshot for reference:

Related articles: