Created on 07-03-2024 04:22 AM Edited on 08-08-2024 06:24 AM By Jean-Philippe_P
Hello! I need help with setting up agentless polling configuration on FortiGate.
I have a FortiGate device and an AD server where our company's users are located. I've been exploring the option of using agentless polling to implement and monitor these AD users in FortiGate. I'm having trouble adding FSSO-CA (FSSO Agent on Windows AD).
I can see the server and can telnet using port 445, but the FSSO-CA status shows as disconnected. Could the issue be related to the user? What privileges and rights does this user need? How should I correctly configure this setup so that FSSO Agent on Windows AD can see FortiGate and function properly?
Please assist me.
#FortiGate FortiAuthenticator FortiAnalyzer
If you want to use direct polling without a collector agent installed on the AD/DC you should configure "Poll Active Directory Server".
If you are choosing "FSSO Agent on Windows AD" you will need the collector installed on the AD as shown in this article. This communication is done on port 8000.
If you ask about agent-less (direct) polling, see what I said here https://community.fortinet.com/t5/Support-Forum/Poll-AD-Server/td-p/324005
Does FSSO need an additional license? Or can it work on a device without a license?
No, you don't need any additional license for FSSO, just regular FortiCare for your FortiGate so that you can download the FSSO Agent install .msi from support.fortinet.com.
Hi @Liza1,
The following debugs on FortiGate will be useful:
# diagnose debug application fssod -1
# diagnose debug application smbcd -1
# diagnose debug en
Regards,
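The two connector types distinguished in the accepted answer, written out as FortiOS CLI. This is an added example, not taken from the thread: the object names, the address 192.0.2.10, the example.com domain and the svc-fsso account are placeholders, and the passwords are left for you to supply.

```fortios
# Option A: "FSSO Agent on Windows AD".
# Requires the collector agent installed on the AD side; FortiGate
# connects to it on TCP 8000, so reachability on 445 alone proves nothing.
config user fsso
    edit "ad-collector"
        set server "192.0.2.10"
        set port 8000
        set password <collector-agent-password>
    next
end

# Option B: "Poll Active Directory Server" (agentless / direct polling).
# No collector agent; FortiGate polls the DC itself and uses an LDAP
# server object to look up group membership.
config user ldap
    edit "ad-ldap"
        set server "192.0.2.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "svc-fsso@example.com"
        set password <service-account-password>
    next
end
config user fsso-polling
    edit 1
        set server "192.0.2.10"
        set user "svc-fsso"
        set password <service-account-password>
        set ldap-server "ad-ldap"
    next
end
```

Configure only one of the two options for a given domain controller; a connector of type A pointed at a DC with no collector agent installed will stay disconnected.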