Support Forum
Bitman
New Contributor II

FSSO strange behavior

We are using FSSO and AD groups to manage authentication and access. Device is Fortigate 80E v6.07. We noticed a strange behavior and I would like to know if this is normal behavior or not. Let's say I have the following setup:

• 2 IPv4 policies:
  • www (regular internet access)
  • www-Restricted (restricted internet access).
• An AD group called "LimitedNetAccess" is defined as a source in the www-Restricted policy.
• I have user A and user B, both members of LimitedNetAccess.
• A workstation on the plant floor on which a Windows session is opened as user A.

Scenario: User B uses the workstation to start a remote desktop session to his own remote computer (from inside user A's session). He provides his credentials to the RDP session, then closes it after he's done. What I see in the webfilter logs:

• First I see entries where the source = UserA (ip_address); Policy = www-Restricted
• then it changes to source = UserB (ip_address); Policy = www-Restricted
• then it changes to (ip_address); Policy = www

It stays like this for many hours in a row, meaning user A now has regular internet access. If we lock/unlock the workstation using user A's credentials, then things go back to normal.

Is this a bug? At least, I would expect that it returns to user A without having to lock the PC...
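As an added example (not part of the original thread), a small Python check that walks webfilter-style log lines and flags the transition the poster describes: a source IP that was attributed to a user on the www-Restricted policy and then shows up unauthenticated on a different policy, i.e. it has silently fallen through to the regular access rule. The key=value layout and the field names srcip, user and policyname are a simplified assumption for the demo, not a verbatim FortiGate export.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines in a simplified key=value layout (field names are
# assumptions, not a verbatim FortiGate export). Quoted values may be empty.
SAMPLE_LOG = """\
time=08:01:10 srcip=10.20.30.40 user="UserA" policyname="www-Restricted" url="intranet.example"
time=08:15:42 srcip=10.20.30.40 user="UserB" policyname="www-Restricted" url="mail.example"
time=08:31:05 srcip=10.20.30.40 user="" policyname="www" url="video.example"
time=09:02:17 srcip=10.20.30.40 user="" policyname="www" url="social.example"
time=09:05:00 srcip=10.20.30.41 user="UserC" policyname="www-Restricted" url="news.example"
"""

# key=value pairs; values are either a quoted string (possibly empty) or a bare token
KV_RE = re.compile(r'(\w+)=("(?:[^"]*)"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """Split one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def find_attribution_loss(log_text: str, restricted_policy: str) -> List[Dict[str, str]]:
    """Return one alert per source IP each time it goes from an FSSO-attributed hit on
    the restricted policy to an unauthenticated hit on any other policy."""
    last_seen: Dict[str, Tuple[str, str]] = {}  # srcip -> (last attributed user, policy)
    alerts: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        ip = rec.get("srcip")
        if not ip:
            continue
        user, policy = rec.get("user", ""), rec.get("policyname", "")
        prev = last_seen.get(ip)
        if user:
            last_seen[ip] = (user, policy)  # still attributed; remember who and where
        elif prev and prev[1] == restricted_policy and policy != restricted_policy:
            alerts.append({"time": rec.get("time", "?"), "srcip": ip,
                           "last_user": prev[0], "now_policy": policy})
            last_seen.pop(ip)  # alert once; re-arm only after a new attributed hit
    return alerts


if __name__ == "__main__":
    for alert in find_attribution_loss(SAMPLE_LOG, "www-Restricted"):
        print(alert)
```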

Alivo__FTNT
Staff

Hello,

It won't return to user A as there is nothing that should trigger such an action. The Collector Agent does not keep a table of previous users on a workstation. What might help you, though, is described in this KB article:

Technical Tip: FSSO RDP logon override https://kb.fortinet.com/k....do?externalID=FD45999

Best Regards,

Alivo


    Bitman
    New Contributor II

Hi Alivo,

Thanks very much for pointing me to this KB, that will probably solve my problem!

Best regards
