Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ipns
New Contributor III

FSSO issue: multiple users on one server

We user FSSO to authenticate users for web traffic. We don't use explicit proxy because of office365 performance.

When there are multiple users on one server, user traffic from a user will be identified as traffic from another user on the same server. This is not what we want. Did anyone run into the same problem and is there a solution?

 

We use FSSO with a Collector Agent on one of our DC's and agents on the other DC servers.

 

Kind Regards, 

IPNS

Kind Regards, IPNS
1 Solution
xsilver_FTNT
Staff
Staff

Hi,

 

solution is called Terminal Server Agent. DCAgent collects data from DC, and still does expect one user per workstation, which also mean 1-user = 1-IP. Where terminal server mean N-users per 1-IP .. the TSAgent adds port alocation port range into FSSO chain.

 

Best regards,

Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC Staff Engineer

View solution in original post

3 REPLIES 3
xsilver_FTNT
Staff
Staff

Hi,

 

solution is called Terminal Server Agent. DCAgent collects data from DC, and still does expect one user per workstation, which also mean 1-user = 1-IP. Where terminal server mean N-users per 1-IP .. the TSAgent adds port alocation port range into FSSO chain.

 

Best regards,

Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC Staff Engineer

ipns
New Contributor III

Thanks Tomas,

 

In the documentation I found about the TSagent only Citrix is mentioned. Can this agent also be installed on management servers which receive multiple RDP sessions?

 

Kind Regards,

Maarten

Kind Regards, 

IPNS

Kind Regards, IPNS
xsilver_FTNT

If it's server OS and not the workstation (which is supposed to be single user at a time), then it's OK.

Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC Staff Engineer

Top Kudoed Authors