Description
This article explains the use of different FSSO debug commands for troubleshooting FSSO related issues.
Scope
FortiGate.
Solution
Useful FSSO Commands
diagnose debug application authd 8256
diagnose debug enable
diagnose debug authd fsso filter ?
clear Clear all filters
group Group name.
server FSSO agent name.
source Source IP address.
user User name
diagnose debug authd fsso ?
clear-logons Clear logon information.
filter Filters used for list or clear logons.
list List current logons.
refresh-groups Refresh group mappings.
refresh-logons Resync logon database.
server-status Show FSSO agent connection status.
summary Summary of current logons.
diagnose debug authd fsso server-status
Note: If there are more than one FSSO collector agent, the output of this command will print only the connection status of the active/primary FSSO agent.
- Request CA to re-send the active users list to FortiGate:
diagnose debug authd fsso refresh-logons
- Clear login info in FortiGate:
diagnose debug authd fsso clear-logons
* Users must logoff/logon
- Request CA to re-send the monitored groups list to FortiGate:
diagnose debug authd fsso refresh-groups
get user adgrp
