i installed the Forti windows agent on my AD server and tried to use the external connector on my fortigate firewall but the status remained down i have open all ports on the AD server but the fortinet doesn't seem to connect when i check the show service status on the AD the fortigate is not listed i have changed the password multiple times

Are you talking about FSSO?

take the pcap on the FGT

diag sniff packet any 'host x.x.x.x and port 8000' 4 0 l >> where x.x.x.x is the CA agent IP

FURTHER TRY TELNET TOO

Refer:-

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Common-reasons-FSSO-status-shows-as-down-o...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FSSO-Collector-Agent-Status-shows-NOT-RUNN...

2024-12-07 22:10:46.591094 internal out 10.68.78.1.8657 -> 10.69.73.2.8000: syn 2808678396
2024-12-07 22:10:50.601069 internal out 10.68.78.1.8657 -> 10.69.73.2.8000: syn 2808678396

This is my result from the test but telnet gives me the first reply what do you thing is the issue?

From the capture we can clearly see from the FGT the traffic towards the server 10.69.73.2 is going out of the FGT but we do not see response coming back from the server. Also check if you are able to ping the server

The reason is because the fortigate is not showing on the server i have opened port 8000,8001, and 8002 which is a UDP port but the fortigate is not showing attached is the picture 

Hi,

It is a TCP port not the UDP. TCP 8000.

Further please open tcp port 8000 and check.

Also to confirm if the issue lies on the FGT or the server simultaneously take open capture on the server also on wireshark to see if the sync packet being received from FGT the server is replying with sync ack

Hi @okorosylvester ,

Please also run WireShark on your AD server to make sure that the packets from FGT arriving on the server.

This the error i get from wireshark i need assistance to know which port i need to open