Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

FSSO Polling mode- Dont see user log off in Fortigate

Hi Everyone,


Can someone please suggest if you ever came across the issue with FSSO user log off information not getting on the Fortigate.

Model- 1500D

FortiOS- 5.2.4


Fortigate is configured to poll the DCs and are fetching up the information for logins. However, even when the user log off, it continue to show as active user when you check in diag debug authd fsso list or from GUI under Firewall monitor in Users and Device.


Can someone please share the experience and configuration for properly working FSSO. 


Please add your valuable suggestions to guide through resolving this issue.



Sandeep Jha



Hello Sundeep,


where do you log off ?

If from MS workstation then MS do not track well log off events and so FSSO almost cannot handle/see such event.


Workarounds might be one of those:


1. turn to standalone Collector instead of polling from FGT (which has limited functions), use WMI, via registry of Collector turn on logoff WMI  checks.


2. shorten workstation checks and dead entry interval so workstation will disappear sooner as werification of logged in user will fail after you log off


3. do not bother and simply wait for new logon to workstation as this event should be spotted by FSSO and processed and so workstation source IP record in FSSO user list on FGT will get overwritten by actual user records


Best regards, Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff


Thank you so much Tomas for responding on this.

I tested it by Logging off from the domain machine


I will try the workaround you suggested..yes the 3rd seems to be ok but I would go for the 1st if that happen to work in my lab..


Sandeep Jha

Top Kudoed Authors