FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 195830



This article explains the use of different FSSO debug commands for troubleshooting FSSO related issues.







Useful FSSO Commands


diagnose debug application authd 8256
diagnose debug enable

diagnose debug authd fsso filter ?

clear     Clear all filters
group     Group name.
server    FSSO agent name.
source    Source IP address.
user      User name

diagnose debug authd fsso ?

clear-logons      Clear logon information.
filter            Filters used for list or clear logons.
list              List current logons.
refresh-groups    Refresh group mappings.
refresh-logons    Resync logon database.
server-status     Show FSSO agent connection status.
summary           Summary of current logons.

   diagnose debug authd fsso server-status

Note: If there are more than one FSSO collector agent, the output of this command will print only the connection status of the active/primary FSSO agent.


  • Request CA to re-send the active users list to FortiGate:


diagnose debug authd fsso refresh-logons


  • Clear login info in FortiGate:


diagnose debug authd fsso clear-logons

* Users must logoff/logon


  • Request CA to re-send the monitored groups list to FortiGate:


diagnose debug authd fsso refresh-groups


  • List monitored groups:


get user adgrp