If i have 2 domain controllers can i use AD LDAP polling mode? Or do i need to use the FSSO agents? I am finding it's not polling all users logging in under the user event logs. Appears to be dependent on which domain controller they log on to. Even though it displays in the DC event logs on both servers, it only appears in the fortigate user logs for the DC the ldap connection is setup for.
Should i just use the FSSO agents and be done with it?
Cheers.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Do you have collector or only FGT + DC?
"Should i just use the FSSO agents and be done with it?"
I'd say yes. There are good advantages over polling from FortiGate such as:
1. Offload the task of getting logons to the Collector Agent(s) thus server CPU/Mem 2. More Event IDs are suported polling from FortiGate > 4768, 4769.
From Collector Agent(s) 672, 673, 680, 4768, 4769, 4776, 4624
https://kb.fortinet.com/kb/documentLink.do?externalID=FD36424 3. Ignore list > helps with logon overrides done by service accounts
4. Better for troubleshooting 5. Suitable for Large networks 6. Workstation checks for added security 7. Configurable IP address change checks for when user changes networks (typically wire/wifi) ...to name few
livo
"Should i just use the FSSO agents and be done with it?"
Awnser: Yes.
But if you can't (like my case) you have to pull all DC's you have doing Authentication and Accounting.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1088 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.