- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortinet FSSO / Terminalserver
Hy guys,
i am new to FSSO and i struggling with a problem.
Thats the situation:
Fortigate 60E (with WebFilter based on different ActiveDirectory UserGroups)
2* RemoteDesktop Server (TS Agent installed)
1* Windows RDSBroker for LoadBalancing
2* Windows Domain Controller (2* DC Agents installed and one Collector Agent, the terminalservers are added under "Advanced Settings", AD Agent Mode)
The users are working with ThinClients, so the only login happens on a terminalserver.
Now when a User logons, i get the following entries in the Agent:
1) TSE-DNSName1 -- User03 -- correct group3 -- DC-Agent
2) TSE-IPAdress1 -- User03 -- correct group3 -- DC-Agent
3) TSE-IPAdress1 -- User01 -- correct group1 -- allocated Port Group -- TS-Agent
4) TSE-IPAdress1 -- User02 -- correct group2 -- allocated Port Group -- TS-Agent
5) TSE-IPAdress1 -- User03 -- correct group3 -- allocated Port Group -- TS-Agent
So now it happens that many Users are logged in, but it seems that for the firewall policy always entry number 1) or 2) is used. Entry number 1) 2) is always the last RDP User who logged in, I think. And now User01 gets the Firewall restrictions for User03....
I think that the DC-Agent entries about the RDP User causes the failures, because in this situation only the TSAgent entries are usefull for me, all other are trash. Is there a way to tell the firewall to prefer the TS-Agent entries?
Can someone tell me, what i did wrong?
Thanks!
Manuel Wagner-Meingassner