zohaibm27
New Contributor

FSSO not work properly

HI, 

   I have 100D with HA, its work properly.recently I integrates AD with fortigate through FSSO applications. My FSSO connectivity fine and I can monitor all user in fortigate in the users tab User & Devices >>Monitor >>Firewall and Check on FSSO all users listed which are logon but here some users show as a guest why this behavior Please help regarding this .

 

FortiOS Patch 5.0.9

 

Zohaib Khan

Network /System Engineer

2 REPLIES 2
dhandinder86
New Contributor

Hello,

 

The reasons for those users logged in as FSSO Guest could be the following.

a) Users who are trying to authenticate with FSSO are non domain users.

b) Users are not part of the AD users group which you are monitoring with FSSO. 

c) Users are configured in the Ignore User List settings of Collector Agent such that those users login event will not be send by the Collector Agent.

 

For more information about the FSSO Guest users you can check with the following kb articles.

 

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30837&sliceId=1...

 

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31780&sliceId=1...

 

Thanks & Regards,

Inder

obfuscated
New Contributor II

 

 

What topolgy are you using ie Collector Agents and DC agents and what AD groups are you pulling through the collector agent?

 

If you try running a 'diag debug authd fsso list'  on the Fortigate it should show which group it can see and compare this to the logs on the Collector/DC Agent.

 

Happy Hunting...