Description

This article provides an overview of various FSSO debug commands used for troubleshooting FSSO-related issues.

Scope

FortiGate.

Solution

Useful FSSO Commands

diagnose debug application authd 8256
diagnose debug enable

diagnose debug authd fsso filter ?

clear     Clear all filters
group     Group name.
server    FSSO agent name.
source    Source IP address.
user      User name

diagnose debug authd fsso ?

clear-logons      Clear logon information.
filter            Filters used for list or clear logons.
list              List current logons.
refresh-groups    Refresh group mappings.
refresh-logons    Resync logon database.
server-status     Show FSSO agent connection status.
summary           Summary of current logons.

   diagnose debug authd fsso server-status

Note: If there is more than one FSSO collector agent, the output of this command will print only the connection status of the active/primary FSSO agent.

• Refresh the FSSO connection status:
  
  

execute fsso refresh

• Request CA to re-send the active users list to FortiGate:

diagnose debug authd fsso refresh-logons

• Clear login info in FortiGate:

diagnose debug authd fsso clear-logons

* Users must logoff/logon

• Request CA to re-send the monitored groups list to FortiGate:

diagnose debug authd fsso refresh-groups

• List monitored groups:

get user adgrp