Poll AD Server
Hello, I'm trying to set up agentless FSSO polling mode.
I want to know what permissions are required for the user that connects to Active Directory.
I also want to know if this method is good to set up firewall policies per AD user/groups.
Labels: Authentication, FortiGate
Hi, I'm having a problem with this configuration. Does anyone know which permissions are required for a user to connect to Active Directory?
Formally, the user just needs membership in the "Event Log Readers" group, i.e. be able to read AD Event Logs.
In general, direct polling is OK in small deployments - a dozen or so PCs; the larger the AD, the less reactive it becomes. From my experience, all clients that started with direct polling eventually switched to FSSO Agent based polling; it just saves lots of headache in the long run.
I think so, use the FSSO to avoid extra CPU and RAM usage on my FortiGate.
Does FSSO need an additional license? Or can it work on a device without a license?
No, you don't need any additional license for FSSO, just regular FortiCare for your FortiGate so that you can download the FSSO Agent install .msi from support.fortinet.com.
Is there a complete guide for FSSO and transparent web-filtration?
My task is to set up web-filtering policies on AD users, spare them the FortiGate sign-on page and make it transparent.
There are too many guides, actually, but you may start with this one (even though it is for FortiOS 5.4, the workflow is current today as well): https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/366887/single-sign-on-using-ldap-and-fss...
Hi @lrazmadze,
FSSO is transparent to users. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FSSO-choose-between-DC-Agent-mode-or-Polli...
Regards,