Problem with FSSO FortiGate on Two Domain Controllers

Damian550 · ‎03-04-2025

At random moments, a user is incorrectly recognized by FSSO and does not receive the permissions they should. This happens sporadically but has been occurring more frequently lately.

FSSO and the DC Agent are installed on each Domain Controller. They are configured so that each FSSO monitors all domains.

Regarding the FortiGate configuration, the primary connection is set to the first DC, while the second DC is configured as a backup.

FG ver 7.2.11

Collector Agent version: 5.0.0319

DC agent version 5.0.0315

AEK · ‎03-04-2025

Does it occur when a user switches from Ethernet to WiFi?

Otherwise can you provide more info on the context and the behavior?

AEK

Damian550 · ‎03-06-2025

Yes, after turning off the user's WiFi and connecting via Ethernet, the issue has been resolved for now. The user falls under the appropriate policies.

AEK · ‎03-07-2025

You are probably hitting a known case due to DNS update. The following solution and tech tip by @xsilver_FTNT should help.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FSSO-with-Dual-network-interface-card-NIC-...

https://community.fortinet.com/t5/Support-Forum/Fortigate-FSSO-user-switch-between-LAN-and-WAN/m-p/8...

AEK

Problem with FSSO FortiGate on Two Domain Controllers

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website