Hi to everybody,
hoping to have chosen the right group, here's my problem:
One week ago one of my clients started complaining about the fact that, after they log in to the PC, there isn't any connection; the PC is able to ping other clients inside the LAN (so apparently an IP was given) but not outside. They tried rebooting the PC one to three times and, at that point, the connection began to work again (as far as I know some of them use the "clean boot" method; the clients are Windows 10/7). The FortiGate has the LDAP server configured with an FSSO Agent installed on each DC (there are 2), of which I've uploaded the configuration (removing the sensitive information).
Has anyone experienced such an issue?
Thank you in advance for your help.
Eleonora
Hi,
From the attached config it seems that you are using the NetAPI polling method only.
The Collector will listen to DC/TS Agents, but there is not a single agent seen in the config; not sure if that is due to config sanitation before posting or because there is no agent installed anywhere on a DC.
NetAPI polling is a bit of an old method, and if you do not poll in time then logon loss might happen.
Therefore, if your domain consists of Windows 2008 DCs or newer, I would strongly recommend switching to WinSec polling, or even to the WinSec+WMI polling method. Those methods do not lose logons, but if there are too many logons in the WinSec log the collector might get slightly behind the rate of logons; it will never lose a logon, just delay its processing.
Poll all the DCs for the respective domain, with RODC exemption.
If you do use DC Agents and they were just removed from the presented config, then make sure you have agents installed on all DCs as well, as a workstation might choose a different logon server than the one you are reading data from, and then you might not see the logon.
Successful logon audit needs to be set across the whole domain, via GPO, and applied on all domain DCs.
Then you should spot logon events, not miss any, and process them in time.
As a result you should have the user logon list populated on the Collector.
And such logons pushed to connected FortiGates according to the Group Filters set (and I would highly recommend setting filters either from the Collector side or from the FortiGate side [that's what LDAP is used for in the FSSO Agent setup]).
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
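One way to verify the prerequisites the answer above lists before switching to WinSec polling, as an added example that is not part of the thread or of any Fortinet tool: it enumerates the writable DCs (skipping RODCs), reads the effective "Logon" audit subcategory on each, and counts fresh successful-logon (4624) events in the Security log. It assumes the RSAT ActiveDirectory module, remoting and event-log read rights on the DCs; the 15-minute window is an arbitrary choice.

```powershell
# Added example, not from the thread: confirm each writable DC audits successful
# logons and is actually writing 4624 events, the inputs FSSO WinSec polling reads.
Import-Module ActiveDirectory

# Poll all DCs of the domain except RODCs (FSSO should not poll those either).
$dcs   = Get-ADDomainController -Filter * | Where-Object { -not $_.IsReadOnly }
$since = (Get-Date).AddMinutes(-15)   # assumed window in which logons are expected

foreach ($dc in $dcs) {
    $name = $dc.HostName

    # Effective audit policy for the Logon subcategory, parsed from auditpol's CSV output.
    $audit = Invoke-Command -ComputerName $name -ScriptBlock {
        auditpol /get /subcategory:"Logon" /r | Where-Object { $_ } | ConvertFrom-Csv
    }
    $setting = ($audit | Select-Object -First 1).'Inclusion Setting'
    $auditOk = $setting -match 'Success'   # "Success" or "Success and Failure"

    # Successful logons (event ID 4624) written to this DC's Security log in the window.
    $events = Get-WinEvent -ComputerName $name -FilterHashtable @{
        LogName = 'Security'; Id = 4624; StartTime = $since
    } -ErrorAction SilentlyContinue
    $count = @($events).Count

    [pscustomobject]@{
        DC            = $name
        LogonAuditing = $setting
        AuditOk       = $auditOk
        Logons15min   = $count
        Verdict       = if ($auditOk -and $count -gt 0) { 'OK' } else { 'CHECK' }
    }
}
```

A DC reporting "No Auditing" or zero recent 4624 events is one the Collector cannot learn logons from, which matches the missed-logon symptom described in the question.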
Hi xsilver,
First of all I want to apologize for not answering your quick and helpful answer earlier. In the end I've installed the DC agents on both DCs, to avoid losing logins, and I've set it to ignore the logins of some of the system users that were probably logging in to some computers at times. Probably next week I'll find out whether it worked or not. I will update the post here.
Anyway thank you so much for taking the time to answer my question.
Eleonora