we are facing internet access through the Explicit Proxy mode with AD user authentication. Though they are already login to his PC with his domain logon , some time later original account override by service account(MacAfee antivirus update account)which showing in the Fortigate Log "Firewall User Monitor". As a result many of our users facing the problem more frequently.
Anyone please help me.
Hello,
Fix is to add these service accounts to Ignore List in Collector Agent.
Best Regards,
Alivo
livo
Hi Alivo,
Thank you for quick reply. I was applying ignore list in collector agent like this KB https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828 but when we was applying KB, some user does not to be get internet access until restart the user PC. So what is the actual issue about this and how it will be solved?.
Best Regurds,
Masum
Hello Masum, Thank you for feedback. That would mean the users logons were not available anymore (or never). Restarting PC would also mean a new domain logon once user signs in. That is why the internet traffic works again.
This will work until the user is removed due to dead entry interval timer (whether expected or not) or when there was another unwanted logon override. That often happens with already mentioned service accounts. Support, in such cases, will ask you for Collector Agent log in debug level. It contains nearly all information for us to see what happened to user logon after they notice the internet does not work. Not that I am suggesting to you to troubleshoot yourself but the info is there. It will show us for example these logon overrides, changes in IP addresses.
Best Regards,
Alivo
livo
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2677 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.