Hello friends, one question:
I need to configure the FSSO agent in the organization. We have 6 locations; each FG is connected by IPSEC VPN, VLANs.
The FSSO is already configured in an FG. My question is whether I have to configure the FSSO in each FG to be able to access the Internet per network user, or whether you can use the FSSO that is configured in the main FG for all the other FGs.
I have been looking for information, and it seems that you can use the IPSEC VPN. Has anyone done this setup?
Hi,
You must configure FSSO on each of the six sites if you want user-based authentication for internet access across all six locations. Via the IPSEC connection between the FortiGates, you can link the FortiGate security fabric connectors to the collector agent server in HO.
Regards
Jamal
Hello,
If you are using FSSO directly on the FortiGate without Collector Agent, then all of the FortiGates need the same configuration to the DC itself.
If you are using the Collector Agent, you can then use the same Collector Agent for all FortiGates if they have the same network access to the Collector Agent (as you mentioned, IPSEC).
But in any case, every FortiGate will have its own user database that you can use in policy.
Best regards,
Lazar
Hello, thanks Lazaro for your comments. What I am currently doing is using the FSSO agent that I already have installed on my server and configuring it on my other firewall.
I already have it set up and it's in sync; however, it's not authenticating the groups. According to what I read in the communications, I notice that the current version of the agent is an old version, therefore I am proceeding to update the agent, since in my main firewall the groups do not authenticate either.
Has something similar happened to you?
Hello,
The latest version of FSSO Collector Agent is 0311. You can find that version in the support portal in the download section of FortiGate OS 7.2.5 and 7.4.0.
You can try the upgrade and then crosscheck the situation. It is hard to guess without the logs what is happening. If the situation is the same, you can always open a ticket with support.
You can also crosscheck the operation mode for groups: is it Standard or Advanced?
If it is Standard, you can switch to Advanced.
You can see more what I am talking about in this KB:
Best regards,
Lazar
Hello, the TAC just recommended that I update and then validate.