Hello all, I just set up FSSO DC Agent and it is working correctly: when a user logs in to their local system, it notices their login and associates the user with the traffic in the web filter of the FortiGate. As expected, it wasn't working with the terminal servers that we have, so we installed the terminal server agent and got it configured. It appears to be working correctly, in that when I look in the FortiGate under Monitor > Firewall User Monitor, users signed into the terminal server show up and the method is FSSO Citrix, not Fortinet Single Sign On like the local system, so it's talking to the FortiGate. But when I look under the web filter traffic, users are not associated with the traffic. If I look at the details of a request, the source port corresponds to the correct port range in the Collector Agent Logon Users List on the domain controller, so everything appears to be correctly set up, but I can't figure out why the user isn't being associated with the traffic like I would expect.
We are using a FortiGate 100D with firmware version 5.4.1, FSSO Agent and TS Agent 5.0.0250.
Any help is greatly appreciated to help get this working.
Anyone have any thoughts? I'm at a loss.
Are the users hitting a policy above or below the correct one?
Mike Pruett
I'm not sure how to tell if they are hitting a policy below it, but it is the very first policy so it should be hitting that one. It's the same policy as the local systems and it is working.
I found where to see the policy the traffic is going through, and it is in fact showing it is coming through the same policy as the local systems where the DC Agent is working correctly. The users show up in Monitor > Firewall User Monitor, so I'm not sure what is going on.
Probably (Microsoft and maybe FSSO Citrix agent) we are having the same symptoms with the FSSO DC (Terminal Server) agent installation on TS (MS) in 80 locations. From time to time, users put in or not to right web/applications data access will be blocked (proxy users quest - no access, or proxy users - no internet access).
At this time a service request with priority 2 is confirmed, but we are back (long weekend in Poland to date 08.05) to confirm, and we will start testing the solutions suggested by the FortiGate support team. (Thanks Petr.)
B.K
2xCluster FG3000D, 2xFAC3000E, 1xFAZ3000E, 1xFMGR300E, 2xFG100E Test and Dev, HW only.
Copyright 2024 Fortinet, Inc. All Rights Reserved.