Help
FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
khoffman
Staff
Staff

Created on ‎05-21-2024 11:00 AM

Article Id 316111

Troubleshooting Tip: Using the CLI tool 'ssotool' to view FSSO and Security Fabric connections in FortiNAC

Description This article describes how to use the CLI tool "ssotool" in the FortiNAC-F. "ssotool" is a command line tool to assist with quickly deterring the type of connector has been configured from the FortiNAC CLI.
Scope ForitNAC-F 7.2 & 7.4.
Solution
  1. Login to the FortiNAC-F CLI.
  2. Enter the shell. 

 

execute enter-shell

 

 

  1. Use the following syntax to print established connector agents from the CLI:

 

ssotool -listAgents

 

Example output for Security Fabric Connection (Dynamic Address Tags): 


ssotool.PNG

 

 

Example output for Connector-Based FSSO:

 

FSSO.png


When no connector has been established with FortiNAC, the following output is seen:  

 

execute enter-shell
ssotool -listAgents
Exception in thread "main" java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.RemoteException
at com.sun.corba.se.impl.javax.rmi.CORBA.Util.mapSystemException(Util.java:191)
at com.bsc.api.CORBAUtil.mapSystemException(CORBAUtil.java:26)
at javax.rmi.CORBA.Util.mapSystemException(Util.java:95)
at com.bsc.api.sso._SSOManagerInterface_Stub.dumpSSOAgents(Unknown Source)
at SSOTool.<init>(SSOTool.java:119)
at SSOTool.main(SSOTool.java:315)
Caused by: java.rmi.RemoteException
at com.bsc.plugin.manager.SSOManager.dumpSSOAgents(SSOManager.java:5057)
at com.bsc.plugin.manager._SSOManager_Tie._invoke(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaServerRequestDispatcherImpl.dispatchToServant(CorbaServerRequestDispatcherImpl.java:654)
at com.sun.corba.se.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:205)
at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1700)
at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1558)
at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:940)
at com.sun.corba.se.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:198)
at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:712)
at com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl.dispatch(SocketOrChannelConnectionImpl.java:474)
at com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:311)
at com.sun.corba.se.impl.transport.ReaderThreadImpl.doWork(ReaderThreadImpl.java:98)
at com.sun.corba.se.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:490)
at com.sun.corba.se.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:519)
SSOTool found no agents

 

Possible causes:

  • Traffic is not allowed between FortiNAC and the FortiGate firewall.
  • Protocol (FSSO) has not be enabled on the FortiNAC management interface.


Related articles: 
245
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.