Hi Everyone,
Can someone please suggest if you ever came across the issue with FSSO user log off information not getting on the Fortigate.
Model- 1500D
FortiOS- 5.2.4
Fortigate is configured to poll the DCs and are fetching up the information for logins. However, even when the user log off, it continue to show as active user when you check in diag debug authd fsso list or from GUI under Firewall monitor in Users and Device.
Can someone please share the experience and configuration for properly working FSSO.
Please add your valuable suggestions to guide through resolving this issue.
Thanks,
Sandeep Jha
Hello Sundeep,
where do you log off ?
If from MS workstation then MS do not track well log off events and so FSSO almost cannot handle/see such event.
Workarounds might be one of those:
---
1. turn to standalone Collector instead of polling from FGT (which has limited functions), use WMI, via registry of Collector turn on logoff WMI checks.
2. shorten workstation checks and dead entry interval so workstation will disappear sooner as werification of logged in user will fail after you log off
3. do not bother and simply wait for new logon to workstation as this event should be spotted by FSSO and processed and so workstation source IP record in FSSO user list on FGT will get overwritten by actual user records
Best regards, Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Thank you so much Tomas for responding on this.
I tested it by Logging off from the domain machine
I will try the workaround you suggested..yes the 3rd seems to be ok but I would go for the 1st if that happen to work in my lab..
Thanks,
Sandeep Jha
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.