Hi
I started with a new company 6 months ago and inherited a strange issue.
Occasionally, a user or 2 will get a "Fortiguard Intrusion Prevention - Access Blocked" message when trying to access any website. Other users are able to access the websites.
What I see in FortiAnalyzer are logs with no username specified. We have FortiSSO, and it appears that it is not picking up the user logon event. Sometimes, getting the user to reboot will solve the issue but may take a few reboots. Another fix is to get the user to connect to another wifi network, then reconnect to the original network connection.
This issue has been happening intermittently for different users for well over a year now, and the fixes mentioned above usually resolve this. However, I now have a user who has been unable to access the Internet all day, so I'm looking for any possible help.
This does seem like an identity issue, where FortiSSO is not picking up the logon event but I do know that it picks up other user logon events from all domain controllers. Is this a FortiSSO issue, an issue with Fortiguard or the Fortigate?
Has anyone seen this issue? I don't have a lot of Fortinet experience before this job, so could anyone point me to any troubleshooting tools that could help please?
For reference, we are running v.7.0.15 on the FortiGate.
Thanks
Roy
Hi
We have discovered the issue is with a recent Windows update on our domain controllers, running Windows Server 2019. The update is KB5039217, which updates LSASS. We removed it and the users are able to open websites now.
For reference see this Technical Tip - FSSO breaks after installing Microsoft KB... - Fortinet Community
Hi @Roysmith,
I think your scenario is matching point 4 of this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FSSO-CA-initial-troubleshooting/ta-p...
It is an FSSO issue and not a FortiGuard issue. We need to troubleshoot on the FSSO agent and FortiGate side.
Regards,
Copyright 2024 Fortinet, Inc. All Rights Reserved.