Hello Dears
I am trying to block some users from accessing the internet using an FSSO policy, but it does not seem to be working. Could anyone advise on that?
Bests
Created on 10-23-2022 11:23 PM Edited on 10-23-2022 11:31 PM
OK, please confirm that you chose "show all fsso logon" in that GUI.
If your user is not displayed, it means you have something wrong in the Active Directory polling settings.
I suggest you read the guide again.
If your config is OK, when you log on to a Windows domain computer, the user information must be collected by the FortiGate automatically and displayed in the monitor section.
Hello dear
It's working. What I did was remove the configuration and redo it again, and it's working. The article that you shared is the same one that I followed; it's very recommended to work with it.
Bests
OK bro, nice to hear this.
Hello,
fitting debug here:
diag debug console timestamp enable
diag debug app fssod -1
diag debug app auth -1
diag debug app smbcd -1
diag debug enable
should show you which users are actually picked up.
I do recommend using the Agent based polling instead; it leaves the FortiGate free for its firewalling job and is more flexible in terms of understanding logon events.
Best regards,
Markus
And another note: the firewall user monitor is important. If the user is not there or not correct, the policy objects WILL not work. First make sure the users are listed. If they are, then your firewall can use these groups in its policies.
That's right, AD polling mode takes high resources on the firewall if your site has a lot of concurrent users. Using fsso-agent mode is recommended.