Hi there,
We're using the Active Directory Fabric connector.
Is there an equivalent to the various FSSO timers:
Dead entry timeout interval
Workstation verify interval
I've tried various searches and I'm imagining that it's in the CLI somewhere?
Cheers
Jon
Eventually solved using a ticket
Solution Provided:
config user fsso-polling
edit 1
set logon-history <int> (0-48)
next
end
- The default setting is for 8 hours.
- It can be set up to 48 hours.
- It can also be configured as 0 which results in no timeout at all.
Solution Provided:
Hi,
that's basically dead entry timer .. as the option 'logon-history' does apply to FSSO connector where FortiGate is the Collector Agent and does direct polling of WinSec records from AD. In CLI 'config user fsso-polling'.
There is no workstation check done by FortiGate, AFAIK.
However you do have a second option in FSSO Connectors to connect to outer Collector Agent. Which could be FortiAuthenticator, or standalone Collector with mentioned dead entry timeout and other options.
I would prefer this one over direct polling, exactly for those options, polling WMI, workstation checks, ability to specify Event IDs to process, ability to combine multiple other sources like RADIUS Accounting into FSSO, scalability and stability. Also for performance as those SSO info will be processed at source, in collector, and just results sent to FortiGate. In contrary to direct polling where precious CPU/RAM of the firewall itself is used to process those logons and with huge logon event numbers the fssod/authd combo processing those events might get overloaded and so CPU on FortiGate spikes.
That second connector to outer Collector Agent is in CLI as 'config user fsso'.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1752 | |
1115 | |
766 | |
447 | |
241 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.