Hello, I'm trying to set up agentless FSSO polling mode.
I want to know what permissions are required for the user that connects to Active Directory.
I also want to know if this method is good for setting up firewall policies per AD user/group.
Hi, I'm having a problem with this configuration. Does anyone know which permissions are required for a user to connect to Active Directory?
Does FSSO need an additional license? Or can it work on a device without a license?
No, you don't need any additional license for FSSO, just regular FortiCare for your FortiGate so that you can download the FSSO Agent install .msi from support.fortinet.com.
Formally, the user just needs membership in "Event log readers" group, i.e. be able to read AD Event Logs.
In general, direct polling is OK in small deployments, a dozen or so PCs; the larger the AD, the less reactive it becomes. From my experience, all clients that started with direct polling eventually switched to FSSO Agent based polling; it just saves lots of headache in the long run.
I think so, use the FSSO to avoid extra CPU and RAM usage on my FortiGate.
Is there a complete guide for FSSO and transparent web filtration?
My task is to set up web-filtering policies on AD users, avoid the FortiGate sign-on page for them, and make it transparent.
There are too many guides, actually, but you may start with this one (even though it is for FortiOS 5.4, the workflow is current today as well): https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/366887/single-sign-on-using-ldap-and-fss...
Hi @lrazmadze,
FSSO is transparent to users. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FSSO-choose-between-DC-Agent-mode-or-Polli...
Regards,