Description
This article explains the use of different FSSO debug commands for troubleshooting FSSO related issues.
Scope
FortiGate
Solution
Useful FSSO Commands
# diagnose debug application authd 8256
# diagnose debug enable
# diagnose debug authd fsso filter ?
clear Clear all filters
group Group name.
server FSSO agent name.
source Source IP address.
user User name
# diagnose debug authd fsso ?
clear-logons Clear logon information.
filter Filters used for list or clear logons.
list List current logons.
refresh-groups Refresh group mappings.
refresh-logons Resync logon database.
server-status Show FSSO agent connection status.
summary Summary of current logons.
# diagnose debug authd fsso server-status
Note: If there are more than one FSSO collector agents, the output of this command will print only the connection status of the active/primary FSSO agent.
> Request CA to re-send the active users list to FortiGate:
# diagnose debug authd fsso refresh-logons
> Clear logon info in FortiGate:
# diagnose debug authd fsso clear-logons
* Users must logoff/logon
> Request CA to re-send monitored groups list to FortiGate:
# diagnose debug authd fsso refresh-Groups
> List monitored groups:
# get user adgrp
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.