AD with fortinet integration not working
Firewall_Robot # exec telnet 10.69.73.2 8000
Trying 10.69.76.2...
Timeout!
Failed to connect to specified unit.
Console line is in use. Clear it before next try.
Can I change the port? Anybody with a solution, please send.
Hi @okorosylvester ,
Based on your WireShark screenshot, I can tell that it is a "TCP Syn" packet, nothing else.
Jerry
When I did a trace route, see the result
In WireShark, it has the TCP or UDP and the port number info.
For now, the trace route does not help us at all.
Jerry
"Poll AD" tries to read login events from the event log.... There are frequent complaints that it misses login events. It's not FortiGate specific, any brand of firewall that attempts to read event logs will have the same problem (including Meraki and Palo Alto) https://9apps.ooo/ .
Hi @okorosylvester
Could you make sure you have set up the collector correctly, IP address and port?
Would you mind sharing a screenshot of the Agent settings?
Following the below steps might help as well:
FortiGate Single Sign On: FSSO » Network Interview
Can you check who is listening on TCP/8000 on that server? (if anything at all)
Using the command prompt:
> netstat -aon | findstr 0.0.0.0:8000
This will output a list of processes that listen on this port. The rightmost value will be the process ID (PID). Replace the xxxx in the below command with the PID to identify the process. (Repeat if there are more PIDs.)
> tasklist /fi "pid eq xxxx"
Result from the above scan on the server
That is the expected output, so that's good.
What about the local firewall on the server? (either the builtin Windows firewall, or some third party, if installed) Any chance the traffic is blocked by that? Especially the builtin Win firewall is a common cause of this traffic failing.
I have opened all ports on the firewall, like 8000, 8001, 8002, so which other firewall rule is blocking it? If you can message me via mail, I could show you via Google Meet: sylvestererios@gmail.com
To be perfectly honest, I have a bit of a PTSD relationship with Windows Firewall and don't trust it much. Are you willing to try a quick test with the Windows Firewall fully disabled temporarily? That should be a sure-fire way of establishing if we can blame it or not. :)
I suppose you could also try to telnet on localhost to the FSSO port.
> telnet 127.0.0.1 8000
That shouldn't be blocked by any default win-firewall rules, as far as I know.
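
The checks suggested across this thread (listener on TCP/8000, loopback connect, local firewall state) combined into one PowerShell function, as an added example that is not part of any post. The function name `Test-FssoPort` is hypothetical, and port 8000 is the one used in the thread.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the
# Windows server that hosts the collector agent. Test-FssoPort is a hypothetical name.
function Test-FssoPort {
    param([int]$Port = 8000)   # 8000 is the port used in the thread

    # 1. Listener and owning process (same data as netstat -aon + tasklist).
    $listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    if (-not $listeners) {
        Write-Warning "Nothing listens on TCP/$Port, so no firewall change will help."
        return
    }
    $listeners | ForEach-Object {
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            ProcessId    = $_.OwningProcess
            Process      = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            # A loopback-only bind is unreachable from the FortiGate regardless of firewall rules.
            LoopbackOnly = $_.LocalAddress -in '127.0.0.1', '::1'
        }
    } | Format-Table -AutoSize | Out-Host

    # 2. Local connect test (the "telnet 127.0.0.1 8000" step).
    $local = Test-NetConnection -ComputerName 127.0.0.1 -Port $Port -WarningAction SilentlyContinue
    "Loopback connect to TCP/{0}: {1}" -f $Port, $local.TcpTestSucceeded | Out-Host

    # 3. Firewall profile state: which profiles are on and what they do by default.
    Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction |
        Format-Table -AutoSize | Out-Host

    # 4. Enabled inbound rules that name this port exactly. Rules written as a
    #    range (e.g. 8000-8002) or as "Any" are not listed here. An enabled Block
    #    rule wins over any Allow rule for the same traffic.
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$Port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        Select-Object DisplayName, Action, Profile |
        Format-Table -AutoSize | Out-Host
}

Test-FssoPort -Port 8000
```

If the loopback connect succeeds but the FortiGate still times out, compare the active profile from step 3 with the rules in step 4 before disabling the firewall entirely.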
