- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FSSO logon mimatch
Hello everyone,
im testing a fsso solution where i have one machine that work as a collector agent, and another machine thath act as a DC, all the connection fortigate/fsso, fsso/dc and policy match work fine but i have a mismatch in the logon user list under the voice Type, which tell me is "DC-Agent" even if i have specified in the collector agent to work in pooling-mode.
I have restarted more than one time both dc and collector just to see if something change but nothing.
I dont know if this is just a bug or a real problem
BR,
Giuseppe
Solved! Go to Solution.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
An already installed DC Agent will keep working and providing logon info to the Collector. Switching the Collector to polling doesn't disable DC Agents, it only enables polling as well.
If you want to get rid of the DC Agent info, either uninstall it from the DC completely, or edit its config to point it to a bogus IP:port instead of the correct Collector IP:port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi!
Verify that the user logon dc server has the dc agent installed, so the fortigate will now who the user is. Real world i use fortiems, because when you use another user in a user pc the fortigate will say that you are logged in the user pc. And all traffic from that pc will be assigned to you. Elevated privilege is example when you do a run as administrator, that loggin will be catch by the fsso on the dc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
yes DC has the agent installed, i have tried a lot of pc but the result dosent change.
Angelo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
An already installed DC Agent will keep working and providing logon info to the Collector. Switching the Collector to polling doesn't disable DC Agents, it only enables polling as well.
If you want to get rid of the DC Agent info, either uninstall it from the DC completely, or edit its config to point it to a bogus IP:port instead of the correct Collector IP:port.