- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FSSO issue: multiple users on one server
We user FSSO to authenticate users for web traffic. We don't use explicit proxy because of office365 performance.
When there are multiple users on one server, user traffic from a user will be identified as traffic from another user on the same server. This is not what we want. Did anyone run into the same problem and is there a solution?
We use FSSO with a Collector Agent on one of our DC's and agents on the other DC servers.
Kind Regards,
IPNS
Solved! Go to Solution.
- Labels:
-
5.2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
solution is called Terminal Server Agent. DCAgent collects data from DC, and still does expect one user per workstation, which also mean 1-user = 1-IP. Where terminal server mean N-users per 1-IP .. the TSAgent adds port alocation port range into FSSO chain.
Best regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
solution is called Terminal Server Agent. DCAgent collects data from DC, and still does expect one user per workstation, which also mean 1-user = 1-IP. Where terminal server mean N-users per 1-IP .. the TSAgent adds port alocation port range into FSSO chain.
Best regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Tomas,
In the documentation I found about the TSagent only Citrix is mentioned. Can this agent also be installed on management servers which receive multiple RDP sessions?
Kind Regards,
Maarten
Kind Regards,
IPNS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If it's server OS and not the workstation (which is supposed to be single user at a time), then it's OK.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
