FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Community Manager
Community Manager
Article Id 197568
Microsoft Windows does not provide reliable logoff event monitoring that could be used by FSSO. 
In order to verify if the same user is still logged on to a workstation, the FSSO Collector Agent needs to send a WMI query to each workstation.

The default Workstation Verify Interval is set to 5 minutes and can be adjusted as shown on bellow screenshot.

However, some corporate environments with large amounts of workstations can experience delays in workstation verification regardless of what the timer is set to. 
This mostly occurs when there are thousands of workstations queued for WMI query while many of them are unreachable. 
In extreme cases, it may take even several hours before all workstations in the queue are queried.

To mitigate this issue, FSSO Collector Agent v5.0.0301 and newer (released with FortiOS 6.4.7+ and 7.0.1+)  adds multi-threading support for Workstation Verification. 
This option can be enabled under FSSO Collector Agent -> Advanced Settings -> General tab -> Workstation check thread count

By default, this option is set to '0' and only 1 worker/thread will be used. 
However, if for example,  the Workstation check thread count is set to '10' the queue of workstations to be checked with WMI query will be split into 10 smaller sub-queues. 

Each sub-queue will be processed by separate worker, which can achieve up to 10x faster processing of the Workstation check queue. 

It is maybe necessary to use different amount of Workstation check threads for different environments. 
This will mostly depend on the workstation count and how many of the workstations are unreachable (TCP timeout). 

Related Articles

Troubleshooting Tip: User status 'Not Verified' on the FSSO Collector Agent