1 x AD W2K8R2
1 x Fortigate 100D
what's best practise? Polling or FSSO Agent?
I found cookbook entries for both, but can't rate polling mode in comparison to FSSO agent.
local poller on fortigate is very limited feature. It scans just a couple (literally) event IDs, it doesn't support NTLM, it can't do workstation checks... and it also doesn't work very well.
I honestly suggest you to use standalone FSSO CA (advanced mode, polling with WMI). It is mature piece of software and works in very large environments.
Unless you are adventurous nature, or you want just something to play with, don't go for local fortigate poller.
smithproxy hacker - www.smithproxy.org
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.