okorosylvester
New Contributor

AD with fortinet integration not working

Firewall_Robot # exec telnet 10.69.73.2 8000
Trying 10.69.76.2...
Timeout!
Failed to connect to specified unit.
Console line is in use. Clear it before next try.

 

Can I change the port? Anybody with a solution, please send.

Sylvester Okoro
dingjerry_FTNT

Hi @okorosylvester ,

 

Based on your WireShark screenshot, I can tell that it is a "TCP Syn" packet, nothing else.

Regards,

Jerry
okorosylvester

When I did a trace route, see the result: Capture w.PNG

Sylvester Okoro
dingjerry_FTNT

In WireShark, it has the TCP or UDP and the port number info. 

 

For now, the trace route does not help us at all.

Regards,

Jerry
kenorj5
New Contributor

"Poll AD" tries to read login events from the event log.... There are frequent complaints that it misses login events. It's not FortiGate specific, any brand of firewall that attempts to read event logs will have the same problem (including Meraki and Palo Alto).

Hemin88
New Contributor III

Hi @okorosylvester 

Could you make sure you have set up the collector correctly, IP address and port?
Would you mind sharing a screenshot of the Agent settings?

Following the below steps might help as well:
FortiGate Single Sign On: FSSO » Network Interview

 

IP Network Engineer
pminarik
Staff

Can you check who is listening on TCP/8000 on that server? (if anything at all)
Using the command prompt:

 

> netstat -aon | findstr 0.0.0.0:8000

This will output a list of processes that listen on this port. The rightmost value will be the process ID (PID). Replace the xxxx in the command below with the PID to identify the process (repeat if there are more PIDs).

 

> tasklist /fi "pid eq xxxx"

 

 

[ corrections always welcome ]
okorosylvester

Capture2.PNG
Result from the above scan on the server
Capturesnipping.PNG

Sylvester Okoro
pminarik

That is the expected output, so that's good.

What about the local firewall on the server? (either the builtin Windows firewall, or some third party, if installed) Any chance the traffic is blocked by that? Especially the builtin Win firewall is a common cause of this traffic failing.

[ corrections always welcome ]
okorosylvester

I have opened all ports on the firewall like 8000, 8001, 8002, so which other firewall rule is blocking it? If you can message me via mail I could show you via Google Meet: sylvestererios@gmail.com

Sylvester Okoro
pminarik

To be perfectly honest, I have a bit of a PTSD relationship with Windows Firewall and don't trust it much. Are you willing to try a quick test with the Windows Firewall fully disabled temporarily? That should be a sure-fire way of establishing if we can blame it or not. :)

 

I suppose you could also try to telnet on localhost to the FSSO port.

> telnet 127.0.0.1 8000

That shouldn't be blocked by any default win-firewall rules, as far as I know.

[ corrections always welcome ]
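
The listener and Windows Firewall checks suggested in the replies above, combined into one PowerShell pass. This is an added example, not part of any poster's reply; it assumes an elevated PowerShell session on the Windows server hosting the collector agent and uses port 8000 from the thread.

```powershell
# Added example: run elevated on the server hosting the collector agent.
# Port 8000 is the port tested in this thread; change $Port if yours differs.
$Port = 8000

# 1. Who is listening? (same information as netstat -aon plus tasklist /fi "pid eq ...")
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on TCP/$Port; check that the agent service is running."
} else {
    $listeners | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress   # 127.0.0.1 or ::1 here means remote hosts cannot connect
            LocalPort    = $_.LocalPort
            PID          = $_.OwningProcess
            Process      = $proc.ProcessName
        }
    } | Format-Table -AutoSize
}

# 2. Loopback connect (same idea as "telnet 127.0.0.1 8000").
$loop = Test-NetConnection -ComputerName 127.0.0.1 -Port $Port -WarningAction SilentlyContinue
"Loopback connect to TCP/${Port}: $($loop.TcpTestSucceeded)"

# 3. Firewall profile state: which profiles are on and what they do with
#    inbound traffic that matches no rule.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize

# 4. Enabled inbound rules that name this port explicitly. A Block rule
#    overrides an Allow rule for the same traffic, so Block rows matter most.
#    Rules written as a range (e.g. 8000-8002) or as "Any" are not matched here.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Sort-Object Action |
    Select-Object DisplayName, Profile, Action |
    Format-Table -AutoSize
```

If step 2 succeeds while the connection from the FortiGate still times out, the listener is up and the block is somewhere between the firewall and the server, which steps 3 and 4 help narrow down without switching the Windows Firewall off.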