Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mle2802
Staff
Staff

Created on ‎05-15-2023 04:46 AM

Article Id 256558

Technical Tip: Wrong IP in FSSO agentless polling mode

Description

This article describes a case scenario where a user is bound to the wrong IP while authenticating using FSSO agentless polling mode.

mle2802_0-1684150633636.png

 


mle2802_1-1684150633642.png
Scope All firmware and FortiGate.
Solution

This behavior happens when the PC on which the user is logged in is located on a different network than the AD server and NAT is enabled on the policy between those networks.

With NAT enabled, it will be translated to the FortiGate interface IP instead. In this case, it is 10.1.1.1.

After disabling NAT on the internal policy between the AD server and the user network, the right IP will be shown.

mle2802_2-1684150652542.png

 


If the issue persists, contact Fortinet support.
1047
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.