FSSO Agentless mode

telecosistem · ‎10-28-2016

Hello,

I have a question regarding to agentless polling mode. I know that in Polling mode the collector agent is installed on Windows Sever. However in Agentless polling mode the Fortigate could directly polls the AD domain controller?

Best regards,

xsilver_FTNT · ‎10-31-2016

Hello,

yes, as you might found from documentation, FortiGate can poll AD directly.

However I would consider this as entry level of FSSO as it does WinSec polling only without any NTLM fallback possibility or workstation check. Capabilities of this Collector built-into FortiOS are limited.

Good for small/single domain with few users or test environment.

I would not recommend it for bigger domains/multi-domain environment or for more ADs and users than a hand full.

Best regards,

Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

burim · ‎05-30-2017

xsilver wrote:
Good for small/single domain with few users or test environment.

Is this something based on your personal experience with fortigate sso or is it official from Fortinet as well? I am asking this because we are about to implement a big project that involves more then 20.000 users with two level child domains.

Thank you.

fl0at0xff · ‎11-01-2016

Hello,

It is possible to configure fortigate unit to be connected with the AD without installing software on the AD

MikePruett · ‎11-01-2016

fl0at0xff wrote:
Hello,
It is possible to configure fortigate unit to be connected with the AD without installing software on the AD

Yes, the FortiGate can query the AD and poll it regularly for logons etc.

Mike Pruett

Fortinet GURU | Fortinet Training Videos

FSSO Agentless mode

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website