Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jr3151006
New Contributor

FSSO Agent on Console - Port 8000 or 8002?

Hi, I have a question regarding FSSO Agent, under WebConsole/User/Single Sign-on/FSSO Agent.

- Must I inform the IP for all my DCs and use port 8002 or port 8000?
- Must I use the LDAPSERVER option?

tks, Renato P
Frosty
Contributor

I am a newbie when it comes to this stuff ... BUT ... I had pretty much the same issue as you, I think, and after a lot of mucking around I settled on the following changes to Windows Firewall:

- allow the Collector on the DC where FSAE/FSSO is installed to use TCP port 8000; and
- allow the Agents on other DCs to use UDP on port 8002.

I must confess I am not 100% certain about whether both INBOUND and OUTBOUND are needed for both of them, but that's what I allowed and it's working fine for me on 4.0 MR2 Patch Level 6.
ede_pfau
SuperUser

It looks like the Collector uses TCP/8000 outgoing to access the Agents, and the Agents use UDP/8002 outgoing to report to the Collector. Both port numbers are fully configurable. So on the Collector DC the Windows firewall should allow OUTBOUND TCP/8000 and INBOUND UDP/8002, and the Agent servers should allow OUTBOUND UDP/8002 if the Collector is not polling. Easy to verify though. All that info is taken from the Authentication Guide resp. the FortiOS Handbook chapter on User Authentication.
Ede Kernel panic: Aiee, killing interrupt handler!
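
The firewall rules described in the reply above, written as a PowerShell script and scoped to the peer DCs instead of any address. This is an added example, not part of the thread or of Fortinet's documentation; the IP addresses, rule names and the `Add-ScopedRule` helper are constructed placeholders, and the port directions are taken as stated in the reply. The last two commands show which ports the local services are actually bound to, so the direction can be checked on each DC.

```powershell
# Added example. Addresses are constructed placeholders; replace with your own DCs.
$CollectorIP = '192.0.2.10'                 # DC running the Collector (placeholder)
$AgentIPs    = '192.0.2.11', '192.0.2.12'   # other DCs running the Agent (placeholders)
$TcpPort     = 8000                         # both ports are configurable per the reply
$UdpPort     = 8002

# Hypothetical helper: create an allow rule limited to specific remote addresses,
# skipping creation if a rule with the same display name already exists.
function Add-ScopedRule {
    param($Name, $Direction, $Protocol, $PortParam, $Port, $Remote)
    $rule = @{
        DisplayName   = $Name
        Direction     = $Direction
        Protocol      = $Protocol
        RemoteAddress = $Remote
        Action        = 'Allow'
        Profile       = 'Domain'
    }
    $rule[$PortParam] = $Port               # LocalPort for inbound, RemotePort for outbound
    if (-not (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule @rule | Out-Null
    }
}

# Decide which role this machine has by comparing its addresses with $CollectorIP.
$isCollector = (Get-NetIPAddress -AddressFamily IPv4).IPAddress -contains $CollectorIP

if ($isCollector) {
    # Collector DC: INBOUND UDP/8002 from the Agents, OUTBOUND TCP/8000 to the Agents.
    Add-ScopedRule 'FSSO Agent reports (UDP in)'      Inbound  UDP LocalPort  $UdpPort $AgentIPs
    Add-ScopedRule 'FSSO Collector polling (TCP out)' Outbound TCP RemotePort $TcpPort $AgentIPs
} else {
    # Agent DC: OUTBOUND UDP/8002 to the Collector only.
    Add-ScopedRule 'FSSO Agent reports (UDP out)'     Outbound UDP RemotePort $UdpPort $CollectorIP
}
# Outbound rules only matter if the profile's default outbound action is Block;
# Windows Firewall allows outbound traffic by default.

# Verification: list what is bound to the two ports on this machine.
Get-NetTCPConnection -LocalPort $TcpPort -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
Get-NetUDPEndpoint -LocalPort $UdpPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Run it from an elevated prompt on each DC; `OwningProcess` can be matched against `Get-Process -Id` to confirm the listener is the FSSO service.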