Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
fquerzo_FTNT
Staff
Staff

Created on ‎08-08-2019 02:41 AM

Article Id 193760

Technical Tip: Terminal Server Agents and SMB Shared Folders

Description
This article explains why Samba shared folder access might not be reachable when access from Terminal Server with Terminal Server Agent (TS Agent) through identity based policies.

Solution
SMB application does not use the user port-range assigned by TS Agent.
SMB uses system port range, therefore the port-range mismatch causes authentication failure when validating against firewall policies with FSSO on FortiGate unit.

Reason for this is that SMB traffic is initiated by system process.
Any traffic initiated by system process follows the system port range so it cannot be associated with a user.
TS Agent can only intercept traffic initiated by a user process.

Create separate firewall policy without authentication for SMB traffic


4042
Submit Article Idea
Comments
JNDias
Staff
Staff
‎07-05-2022 08:56 AM

An example of the issue:2022-07-05_16-55.jpeg

Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.