Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

IPv4 Policys with FSSO - Missing User

Hi together,


this is my first question to the forum and I'll try to be as informational as possible.

Our problem is that some users can't surf after their first logon into windows or after changing the network (for example from LAN to WLAN) until they log off and on again or waiting a few minutes. We can't reproduce the problem where a log off/log on does help, but we can reproduce the problem when changing the network. Everytime this problem occurs the users are prompted with the block page of the Fortigate, because there's no web profile matching. In the block page there is no user listed. Normally when a user is blocked from surfing because he trys to open a forbidden page, there's always a user prompted in the block page. In the logs of the DC agents, collector agents and FSSO log on the Fortigate we can see that every user logon and ip change is recognized immediatly and is pushed to the Fortigate.

We've already checked our complete setup, even with the Fortinet support, without any success. I'm hoping now that someone here's the one who knows the solution.


Our setup: Two domain controllers with DC agents installed. Two collector agents and an external Fortigate cluster where we're using the FSSO usergroups to allow the users via IPv4 policys matching on user groups the access to the internet.


Thanks a lot in advance.


Kind regards,


Top Kudoed Authors