We often encounter user not being captured by FSSO thus traffic was deny.
We would like to confirm if user was being dead entry at that time but i cant seem to find anywhere that i can monitor dead entry host/user. Is here anyway i can confirm if a user/host is being lock as dead entry ?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
How are you doing FSSO? Are you polling the DC from the FortiGates or are you using a collector agent? If you're using the collector agent you'll be able to see which users are logged in and which have dead entries.
Hi, dead entry is simply gone - it's dead :)
Workstation can be either in "OK", or in "Not Verified" state. "OK" means CA can reach workstation using at least one of its IP addresses and check positively the user's presence there (using WMI or RRA).
If CA actually can't reach workstation, it will set its state to "Not Verified". Typically because of some firewall restrictions (Sharing and WMI-in must be allowed in). Such a workstation is automatically removed after "Dead entry timeout interval" seconds. Then it's gone and user on the workstation must trigger logon event again (usually he will logs out and in again).
Note that any logon event associated with "Not Verified" workstation will refresh it, making the state back to "OK". But just for a while, because next workstation check will fail again.
hth,
-Fishbone
smithproxy hacker - www.smithproxy.org
Fishbone wrote:Hi, dead entry is simply gone - it's dead :)
Workstation can be either in "OK", or in "Not Verified" state. "OK" means CA can reach workstation using at least one of its IP addresses and check positively the user's presence there (using WMI or RRA).
If CA actually can't reach workstation, it will set its state to "Not Verified". Typically because of some firewall restrictions (Sharing and WMI-in must be allowed in). Such a workstation is automatically removed after "Dead entry timeout interval" seconds. Then it's gone and user on the workstation must trigger logon event again (usually he will logs out and in again).
Note that any logon event associated with "Not Verified" workstation will refresh it, making the state back to "OK". But just for a while, because next workstation check will fail again.
hth,
-Fishbone
We are using this mode. Is this CA ?
neonbit wrote:How are you doing FSSO? Are you polling the DC from the FortiGates or are you using a collector agent? If you're using the collector agent you'll be able to see which users are logged in and which have dead entries.
We are using DC Agent Mode. Where can we see if the user have been put into dead entries or history ?
Hi Team
This has posted long time but it could help some one who is facing issue now.
This type of issue mostly related to the DNS server which is configured in AD server, lets say if the DNS records in the AD server are not updated properly with the correct IP if they point to wrong IP, wrong ip will mapped with user name in the log on user list of FSSO.
Its better to focus on DNS records in AD server for these type of issues.
You can check and keep us posted
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.