FSSO - AD polling with 2 DC's
If I have 2 domain controllers, can I use AD LDAP polling mode? Or do I need to use the FSSO agents? I am finding it's not polling all users logging in under the user event logs. It appears to be dependent on which domain controller they log on to. Even though it displays in the DC event logs on both servers, it only appears in the FortiGate user logs for the DC the LDAP connection is set up for.
Should I just use the FSSO agents and be done with it?
Cheers.
Do you have a collector, or only FGT + DC?
"Should i just use the FSSO agents and be done with it?"
I'd say yes. There are good advantages over polling from FortiGate, such as:
1. Offload the task of getting logons to the Collector Agent(s), thus server CPU/Mem.
2. More Event IDs are supported. Polling from FortiGate > 4768, 4769. From Collector Agent(s) > 672, 673, 680, 4768, 4769, 4776, 4624. https://kb.fortinet.com/kb/documentLink.do?externalID=FD36424
3. Ignore list > helps with logon overrides done by service accounts.
4. Better for troubleshooting.
5. Suitable for large networks.
6. Workstation checks for added security.
7. Configurable IP address change checks for when a user changes networks (typically wire/wifi).
...to name a few.
livo
"Should i just use the FSSO agents and be done with it?"
Answer: Yes.
But if you can't (like my case), you have to poll all DCs you have doing Authentication and Accounting.
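As an added example that is not from any poster in this thread, a FortiOS CLI fragment showing the approach in the last reply: one fsso-polling entry per domain controller, so that logons recorded only on the second DC are no longer missed. Server addresses, the domain, the polling account and the LDAP server name are placeholders, and the option names are assumed from FortiOS and should be checked against the CLI reference for the firmware in use.

```fortios
# Added example: one fsso-polling entry per domain controller.
# FortiGate reads the Security event log of each server listed here,
# so a logon that only lands on DC2 is missed unless DC2 is polled too.
config user fsso-polling
    edit 1
        set status enable
        set server "DC1_IP_PLACEHOLDER"
        set default-domain "EXAMPLE_DOMAIN_PLACEHOLDER"
        set port 445
        # Use a dedicated low-privilege account that can only read the
        # Security log (assumed account name, not a real one).
        set user "svc-fsso-poll"
        set password "PASSWORD_PLACEHOLDER"
        # Name of an existing 'config user ldap' entry used for group lookups.
        set ldap-server "LDAP_SERVER_NAME_PLACEHOLDER"
        set polling-frequency 10
        set logon-history 8
    next
    edit 2
        set status enable
        set server "DC2_IP_PLACEHOLDER"
        set default-domain "EXAMPLE_DOMAIN_PLACEHOLDER"
        set port 445
        set user "svc-fsso-poll"
        set password "PASSWORD_PLACEHOLDER"
        set ldap-server "LDAP_SERVER_NAME_PLACEHOLDER"
        set polling-frequency 10
        set logon-history 8
    next
end
```

After applying this, compare the FortiGate FSSO user list against a test logon on each DC in turn to confirm both servers are actually being read.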
