Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
GiuseppeB
New Contributor III

Created on ‎07-02-2024 01:03 PM

FSSO logon mimatch

Hello everyone,

 

im testing a fsso solution where i have one machine that work as a collector agent, and another machine thath act as a DC, all the connection fortigate/fsso, fsso/dc and policy match work fine but i have a mismatch in the logon user list under the voice Type, which tell me is "DC-Agent" even if i have specified in the collector agent to work in pooling-mode.

 

I have restarted more than one time both dc and collector just to see if something change but nothing.

 

I dont know if this is just a bug or a real problem

 
 

Screenshot 2024-07-02 215816.png

BR,

 

Giuseppe

Labels:
118
0 Kudos
1 Solution
pminarik
Staff
Staff
In response to GiuseppeB

Created on ‎07-03-2024 06:04 AM

An already installed DC Agent will keep working and providing logon info to the Collector. Switching the Collector to polling doesn't disable DC Agents, it only enables polling as well.

If you want to get rid of the DC Agent info, either uninstall it from the DC completely, or edit its config to point it to a bogus IP:port instead of the correct Collector IP:port.

[ corrections always welcome ]

View solution in original post

47
3 REPLIES 3
EdwinCandelario
New Contributor

Created on ‎07-02-2024 06:13 PM

Hi!

  Verify that the user logon dc server  has the dc agent installed, so the fortigate will now who the user is.   Real world i use fortiems, because when you use another user in a user pc the fortigate will say that you are logged in the user pc. And all traffic from that pc will be assigned to you.  Elevated privilege is example when you do a run as administrator, that loggin will be catch by the fsso on the dc

78
GiuseppeB
New Contributor III

Created on ‎07-03-2024 05:54 AM

Hello,

 yes DC has the agent installed, i have tried a lot of pc but the result dosent change.

 

Angelo

50
0 Kudos
pminarik
Staff
Staff
In response to GiuseppeB

Created on ‎07-03-2024 06:04 AM

An already installed DC Agent will keep working and providing logon info to the Collector. Switching the Collector to polling doesn't disable DC Agents, it only enables polling as well.

If you want to get rid of the DC Agent info, either uninstall it from the DC completely, or edit its config to point it to a bogus IP:port instead of the correct Collector IP:port.

[ corrections always welcome ]
48
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.