FSSO issue: multiple users on one server

ipns · ‎03-17-2017

We user FSSO to authenticate users for web traffic. We don't use explicit proxy because of office365 performance.

When there are multiple users on one server, user traffic from a user will be identified as traffic from another user on the same server. This is not what we want. Did anyone run into the same problem and is there a solution?

We use FSSO with a Collector Agent on one of our DC's and agents on the other DC servers.

Kind Regards,

IPNS

xsilver_FTNT · ‎03-20-2017

Hi,

solution is called Terminal Server Agent. DCAgent collects data from DC, and still does expect one user per workstation, which also mean 1-user = 1-IP. Where terminal server mean N-users per 1-IP .. the TSAgent adds port alocation port range into FSSO chain.

Best regards,

Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

View solution in original post

xsilver_FTNT · ‎03-20-2017

Hi,

solution is called Terminal Server Agent. DCAgent collects data from DC, and still does expect one user per workstation, which also mean 1-user = 1-IP. Where terminal server mean N-users per 1-IP .. the TSAgent adds port alocation port range into FSSO chain.

Best regards,

Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

ipns · ‎03-22-2017

Thanks Tomas,

In the documentation I found about the TSagent only Citrix is mentioned. Can this agent also be installed on management servers which receive multiple RDP sessions?

Kind Regards,

Maarten

Kind Regards,

IPNS

xsilver_FTNT · ‎03-22-2017

If it's server OS and not the workstation (which is supposed to be single user at a time), then it's OK.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

FSSO issue: multiple users on one server

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website