Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Spiderpork
New Contributor

Logon Type with Webfilter based on LDAP with FSSO

Hi,

We have some policies with WebFilter ,so we can filter what users can do using two "users group" ,these user group are defined on an LDAP server totally managed by the customer.( so he can define what a user can do adding/removing it from some user group monitored from the FortiAgent ) If a user is not member of these two user group it should user Guest profile.

The problem is that sometimes a user match the Guest profile and not the correct one because the agent thinks that the user did a logoff even if he is correctly logged into his pc. When this happens I can't see the user in the FFSO user list,If I told him to logoff/logon into his pc the problem is solved.

Googling a lot i've seen that there are different event type in AD for a logon..

type 2 is for an interactive logon ( that is what we need..the logon to a PC for example )...

I think that FortiAgent read other event type and thinks that a user made a logoff ( for example from an RDP session )

 

(I tried both the external FortiAgent and the polling mode from the firewall but the problem is the same)

0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors