Using FortiGate 60D on 5.0.9. FSSO collector agent has been and is working pretty much as expected. E.g., I can see FSSO login events associating users to their IPs.
But some IPs are losing their userID associations in the traffic logs, including web filtering logs. It is not a timeout issue because the user I'm investigating shuts down every night and logs in every morning. It has been this way for over a month now: no userID is associated with the user's IP for the past month. Some other users on this firewall are okay, that is, their userIDs are associated with the IP they are working from.
We've tried the following to fix the userID/IP that is not working:
Anyone have a fix or other ideas?
Thanks!
Peifer wrote: Next we're going to force the laptop to a new IP. I don't have the results yet.
We forced a new IP address for the laptop and the issue is now resolved for the user.
Now my questions are (1) why there was a problem? and (2) whether there is some way to handle this on the FortiGate? I don't want to be forcing systems to new IP addresses each time this problem comes up (and I indeed see that I have other IP addresses with this problem). If I see the problem with 192.168.1.55, I'd be happy with a FortiGate CLI command such as "fsso recollect 192.168.1.55" or "fsso remove 192.168.1.55" and let it refresh itself.