FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 195830



This article explains the use of different FSSO debug commands for troubleshooting FSSO related issues.







Useful FSSO Commands


# diagnose debug application authd 8256
# diagnose debug enable

# diagnose debug authd fsso filter ?

clear     Clear all filters
group     Group name.
server    FSSO agent name.
source    Source IP address.
user      User name

# diagnose debug authd fsso ?

clear-logons      Clear logon information.
filter            Filters used for list or clear logons.
list              List current logons.
refresh-groups    Refresh group mappings.
refresh-logons    Resync logon database.
server-status     Show FSSO agent connection status.
summary           Summary of current logons.

   # diagnose debug authd fsso server-status
Note: If there are more than one FSSO collector agents, the output of this command will print only the connection status of the active/primary FSSO agent.

> Request CA to re-send the active users list to FortiGate:


# diagnose debug authd fsso refresh-logons

> Clear logon info in FortiGate:


# diagnose debug authd fsso clear-logons

* Users must logoff/logon


> Request CA to re-send monitored groups list to FortiGate:


# diagnose debug authd fsso refresh-Groups


> List monitored groups:


# get user adgrp