Can FSSO work in a small AD network with 2 DC's using the FG as a Local FSSO poller (Agentless)
I have it configured with 2 SSO connections one to each DC but it does not seem to be capturing logons to the 2nd DC.
I have seen mixed information as to if this is possible without an "external" collector agent.
Thanks,
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi J13224,
local polling from FortiGate is possible.
However it has it's limits. Mainly:
- no workstation checks
- no other methods of log collection but WinSec polling only with fixed EventIDs polled
- no IP change monitoring
- logon processing load affect firewall
Standalone Collector Agent is from my point of view much better solution.
Even for small environments like 1-2 DCs.
I would suggest to install Collector on one DC (or both for resiliency, but FortiGate will use only one at a time and switch to other when old one is unreachable).
And I wouls suggest to use WinSec polling with WMI (last polling option in settings).
Kind regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Thanks Tomas,
I think I will deploy with the Collector Agent as you suggest, I like the additional features.
But I am wondering, in case it comes up in the future. Do you know if Fortigate can support local polling from the FortiGate from multiple DC's. "Technically" it looks like is should and the unit does not display any errors when I set it up, it just does not record the secondary server logons and I do not get any debug errors. In fact I see the FG logon in the security event viewer of the second DC. The events just do not get merged with the primary.
Thanks again,
Jim Greco
Sorry to say, but I would not bother with local polling for more than a single DC in single domain and few users.
Anything bigger than that is way better via standalone Collector Agent of FortiAuthenticator.
Both can handle single domain and few users up to tens of DCs, multidomain environment and thousands of users.
Why I should load FortiGate and use precious resources where what I need from FW is speed, and I do have plenty of resources on DCs + free of charge standalone Collector Agent ?
I do not really see the point in local polling beside initial test (POC).
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.