Eleguardini
New Contributor II

No connection after login -> need reboot

Hi to everybody,

hoping to have chosen the right group, here's my problem:

One week ago, one of my clients started complaining about the fact that, after they log in to the PC, there isn't any connection; the PC is able to ping other clients inside the LAN (so apparently an IP was given) but not outside. They tried rebooting the PC one to three times and, at that point, the connection began to work again (as far as I know some of them use the "clean boot" method; the clients are Windows 10/7). The FortiGate has the LDAP server configured, with an FSSO Agent installed on each DC (there are 2), of which I've uploaded the configuration (removing the sensitive information).

Has anyone experienced such an issue?

Thank you in advance for your help.

Eleonora

xsilver_FTNT
Staff

Hi,

From the attached config it seems that you are using the NetAPI polling method only.

The Collector will listen to DC/TS Agents, but there is not a single agent seen in the config; not sure if that is due to config sanitation before posting or because there is no agent installed anywhere on a DC.

NetAPI polling is a bit of an old method, and if you do not poll in time then logon loss might happen.

Therefore, if your domain consists of Windows 2008 DCs or newer, I would strongly recommend switching to WinSec polling, or even to the WinSec+WMI polling method. Those methods do not lose logons; if there are too many logons in the WinSec log the collector might get slightly behind the rate of logons, but it will never lose a logon, just delay its processing.

Poll all the DCs for the respective domain, with RODC exemption.

If you do use DCAgents and they were just removed from the presented config, then make sure you have agents installed on all DCs as well. A workstation might choose a different logon server than the one you are reading data from, and then you might not see the logon.

Successful logon audit needs to be set across the whole domain, via GPO, and applied on all domain DCs.

Then you should spot logon events, not miss any, and process them in time.

As a result you should have the user logon list populated on the Collector.

And such logons pushed to connected FortiGates according to the Group Filters set (and I would highly recommend setting filters either from the Collector side or from the FortiGate side [that's what LDAP is used for in the FSSO Agent setup]).

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
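The reply above recommends WinSec polling on every writable DC and a domain-wide GPO that audits successful logons; the script below is an added example (not from the thread and not a Fortinet tool) that checks both preconditions from the defender's side. It enumerates the domain's DCs, skips RODCs as the reply advises, reads the effective "Logon" audit subcategory setting on each DC with `auditpol`, and counts Security event ID 4624 (successful logon) entries written in the last 15 minutes, grouped by logon type, which is the event stream a WinSec-polling collector reads. It assumes the ActiveDirectory RSAT module, WinRM access to the DCs and the right to read their Security logs; the 15-minute window is an arbitrary choice.

```powershell
# Added example: verify that successful-logon auditing is effective on every
# writable DC and that 4624 events are actually being produced.
# Assumes: ActiveDirectory module, WinRM to each DC, read access to Security log.

Import-Module ActiveDirectory

$since = (Get-Date).AddMinutes(-15)   # assumed window; adjust as needed

# Poll writable DCs only; the reply recommends exempting RODCs.
$dcs = Get-ADDomainController -Filter * | Where-Object { -not $_.IsReadOnly }

foreach ($dc in $dcs) {
    $name = $dc.HostName
    Write-Host "=== $name ==="

    # Effective audit policy for the Logon subcategory, i.e. what the GPO
    # actually applied on this DC. '/r' gives CSV, which ConvertFrom-Csv parses.
    $audit = Invoke-Command -ComputerName $name -ScriptBlock {
        auditpol /get /subcategory:"Logon" /r | ConvertFrom-Csv
    }
    $audit | Select-Object Subcategory, 'Inclusion Setting' | Format-Table -AutoSize

    if ($audit.'Inclusion Setting' -notmatch 'Success') {
        Write-Warning "$name : Success auditing for Logon is not enabled; WinSec polling will see nothing here"
    }

    # Count successful logons (event 4624) in the window, grouped by LogonType.
    try {
        $events = Get-WinEvent -ComputerName $name -FilterHashtable @{
            LogName   = 'Security'
            Id        = 4624
            StartTime = $since
        } -ErrorAction Stop
    } catch {
        Write-Warning "$name : no 4624 events since $since or log not readable ($($_.Exception.Message))"
        continue
    }

    # LogonType lives in EventData; pull it out of each event's XML.
    $events |
        ForEach-Object {
            ([xml]$_.ToXml()).Event.EventData.Data |
                Where-Object Name -eq 'LogonType' |
                Select-Object -ExpandProperty '#text'
        } |
        Group-Object | Sort-Object Name |
        Select-Object @{ n = 'LogonType'; e = { $_.Name } }, Count |
        Format-Table -AutoSize
}
```

A DC that reports the Logon subcategory without "Success", or that has produced no 4624 events while users are demonstrably logging on, is a DC whose logons the collector cannot see, which matches the "some users get no policy until a reboot" symptom in the original question. The check is read-only and can be run from any domain-joined admin workstation.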

Eleguardini

Hi xsilver,

First of all, I want to apologize for not answering sooner to your quick and helpful answer. In the end I've installed the DC agents on both DCs, to avoid losing logins, and I've set the collector to ignore the logins of some of the system users that were probably logging in to some computers at times. Probably next week I'll find out whether it worked or not. I will update the post here.

Anyway thank you so much for taking the time to answer my question.

Eleonora
