Hello,
I have a very strange situation.
I installed a FGT-51E and FSW-124E-FPOE with 6.2.3...
Since these systems are running users are reporting that they will be kicked out sometimes from the network. RDP sessions will be closed, program which are running on the server will be closed etc. And that is happening while they are working.
Very strange. I configured a ping test and during the "outage" the ping did not stopped.
I have no idea how to check what could be the root cause for that.
I configured two vlans (office and server) and assigned them as native vlan on the switch. Is this the correct way how to do that? On the firewall there is policy which is allowing the traffic without any restrictions.
Recommended use FortiOS 6.0.9 and SwitchOS 6.2.3 cause Resolved Issues
592111 : FortiSwitch shows offline CAPWAP response packet getting dropped/failed after upgrading from 6.2.2.
I believe you need to leave your native vlan (vlan1) alone in that Native VLAN field, and add the appropriate vlan (Office or Server) in the Allowed VLANs field.
very strange situation.
I had configured AD collector and after we disabled that the connection is now stable. I have no idea why the collector caused such network issues.
Thanks for the help.
What interface was the AD Collector using? Providing more details we can probably see what's up.
Mike Pruett
Hello,
How many users / groups does your domain have? I also tried AD collector on a small domain (about 30 users and FGT81E). And there was a very large increase in CPU load and traffic to/from DC. I set up a ticket then and it was explained to me:
The behavior you have described is rather normal as your Fortigate has to download all Windows event logs every few seconds and parse through them. The more event logs there are on your Domain Controllers, the more resources will be consumed on your Fortigate as unfortunately, this process is very intensive on resources. For this very reason, we provide FSSO Collector Agent that you can be installed on your Domain Controllers or any other domain-joined PC, which will do the CPU intensive tasks for you. This is the the recommended approach as the most CPU intensive tasks will be performed by your Windows Servers while your Fortigate can concentrate on Traffic related tasks. Recommended resources: FSSO cookbook: https://cookbook.fortinet...-advanced-mode-expert/ FSSO Agent modes: http://help.fortinet.com/...entication-54/FSAE.htm FSSO Collector Agent download: https://support.fortinet....ad/FirmwareImages.aspx >> / FortiGate/ v6.00/ 6.0/ 6.0.2/ FSSO/ FortiOS Admin guide: https://docs.fortinet.com...ager-6.0.1-admin-guide >> Section "Agent-based FSSO"
So I went back to the proven model-DC Agent + Collector.
Jirka
we are talking just about 5 users...
CPU load was always stable and not high.
Maybe its a bug or so.
Hi,
there is a known Bug in FortiOS 6.0.8, 6.0.9 and 6.2.3 which will randomly drop sessions when FSSO is being used.
Bug ID 582265
There are interim builds available - So better create a support case!
Br
Roman
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.