Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
emtee
New Contributor

FSSO - AD polling with 2 DC's

If i have 2 domain controllers can i use AD LDAP polling mode? Or do i need to use the FSSO agents? I am finding it's not polling all users logging in under the user event logs. Appears to be dependent on which domain controller they log on to. Even though it displays in the DC event logs on both servers, it only appears in the fortigate user logs for the DC the ldap connection is setup for.

 

Should i just use the FSSO agents and be done with it?

 

Cheers.

3 REPLIES 3
hubertzw
Contributor III

Do you have collector or only FGT + DC?

Alivo__FTNT

"Should i just use the FSSO agents and be done with it?"

I'd say yes. There are good advantages over polling from FortiGate such as:

1. Offload the task of getting logons to the Collector Agent(s) thus server CPU/Mem 2. More Event IDs are suported polling from FortiGate > 4768, 4769.

    From Collector Agent(s) 672, 673, 680, 4768, 4769, 4776, 4624

https://kb.fortinet.com/kb/documentLink.do?externalID=FD36424 3. Ignore list > helps with logon overrides done by service accounts

4. Better for troubleshooting 5. Suitable for Large networks 6. Workstation checks for added security 7. Configurable IP address change checks for when user changes networks (typically wire/wifi) ...to name few

livo

Ricardo_Tomas

"Should i just use the FSSO agents and be done with it?"

Awnser: Yes.

 

But if you can't (like my case) you have to pull all DC's you have doing Authentication and Accounting.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors