Hi,
We have a recently installed FortiGate 500e box. Firmware version 5.4.8, build 4108.
Collector on single DC, agents on the others, policy in place to pick up logged in staff via group membership and allow them access to the web.
Seeing a lot of issues with users unable to access the web because they've dropped through the staff policy, and logging shows traffic from multiple users against a single source IP, at pretty much the same time.
Blocked traffic is TCP 443, definitely covered by the policy which is TCP 80/443.
Looks like an authentication issue, and the multiple users against a single machine is pointing the same way.
At a glance all the agents look fine, DCs aren't showing any errors, everything is sync'd fine.
Any ideas what this could be?
Thanks.
Hi,
If you do see multiple users from a single IP in the FSSO user list, then it might mean that those are connected to some terminal server and originate traffic from there.
If it is MSFT Terminal Server, then set up TS-Agent there to add port granularity to FSSO, which is otherwise just source IP based passive authentication.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Thanks Tomas,
We do have the TS-Agent running here, but those servers are in a fixed address range with a policy of their own above the staff policy.
The misreporting and internet drops are unfortunately on DHCP addresses assigned to single user PCs.
Apologies for the heavily sanitised screenshot.
Wanted to come back with an example of what we're seeing. The screenshot shows two different usernames being reported for a single source here - IP and policy are the same, user being reported hasn't logged in on the machine in question at any point.
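
An added example, not part of the thread or any Fortinet tooling: a small Python check that scans exported traffic logs for source IPs that show more than one username within a short window, the symptom described above. The key=value field layout, the sample lines, and the `10.1.30.` terminal-server range are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in key=value traffic-log style (not taken from the thread).
SAMPLE_LOG = """\
date=2024-01-10 time=09:00:01 srcip=10.1.20.57 dstport=443 policyid=12 user="alice" action=accept
date=2024-01-10 time=09:00:03 srcip=10.1.20.57 dstport=443 policyid=0 user="bob" action=deny
date=2024-01-10 time=09:00:04 srcip=10.1.20.88 dstport=443 policyid=12 user="carol" action=accept
date=2024-01-10 time=09:14:30 srcip=10.1.20.88 dstport=80 policyid=12 user="dave" action=accept
date=2024-01-10 time=09:00:05 srcip=10.1.30.10 dstport=443 policyid=8 user="erin" action=accept
date=2024-01-10 time=09:00:06 srcip=10.1.30.10 dstport=443 policyid=8 user="frank" action=accept
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split one key=value log line into a dict and attach a parsed timestamp."""
    fields = {k: v.strip('"') for k, v in KV.findall(line)}
    fields["ts"] = datetime.strptime(fields["date"] + " " + fields["time"],
                                     "%Y-%m-%d %H:%M:%S")
    return fields

def find_user_collisions(log_text, window_seconds=60, exclude_prefixes=()):
    """Return {srcip: [users]} where different users share an IP within the window.

    exclude_prefixes lists ranges where sharing is expected (assumed here to be
    terminal servers covered by TS-Agent), so only single-user PCs are flagged.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if "srcip=" not in line or "user=" not in line:
            continue
        f = parse_line(line)
        if f["srcip"].startswith(tuple(exclude_prefixes)):
            continue
        by_ip[f["srcip"]].append((f["ts"], f["user"]))
    window, flagged = timedelta(seconds=window_seconds), {}
    for ip, events in by_ip.items():
        events.sort()
        users = set()
        for i, (ts, user) in enumerate(events):
            for ts2, user2 in events[i + 1:]:
                if ts2 - ts > window:
                    break  # later events are outside the window
                if user2 != user:
                    users.update((user, user2))
        if users:
            flagged[ip] = sorted(users)
    return flagged

if __name__ == "__main__":
    print(find_user_collisions(SAMPLE_LOG, exclude_prefixes=("10.1.30.",)))
```

Username changes that are minutes apart on a DHCP address (as on `10.1.20.88` in the sample) are not flagged, since a lease handover or a normal logoff/logon would look the same.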