Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wismail
New Contributor

Unauthenticated user

How to display unauthenticated users in the "Forward Traffic" Logs?

 

Set the Active Directory Connector in "External Connector" and it is working perfectly. but none of the users are shown except one with pink color (un-authenticated user) how can I get the remaining users and why this user only is showing?

 

FortiGate 

Wael Ismail
Wael Ismail
1 Solution
akanibek

Then, what kind of logon eventID is generated by your Active directory?

Try to create logon event and run commands above again.

Also, where is your screenshoot with shown logged on user? In your debug outputs, there is no logged on users at all.

 

FortiGate (FGT) has an integrated poller as well. Its local polling mode also uses the Windows Security Event logs, however currently the supported event subset is smaller.

• Windows 2008/2012/2016/2019 Event IDs: 4768, 4769, 4776
• Windows 2003 Event IDs: 672, 673

_____________________
https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Windows-event-IDs-used-by-FSSO-in...

 

 

 

 

Asset

View solution in original post

7 REPLIES 7
akanibek
Staff
Staff

Hey Wael,

It seems like you forgot to enclose the screenshot.

Please attach the screen, then execute command in console (if it is really AD connector):

#diag de enable

#diag debug fsso-polling detai

#diag debug fsso-polling use

 

Share outputs as well.

Asset
wismail
New Contributor

below:

FG-FW-01 # diag de enable

FG-FW-01 # diag debug fsso-polling detai
AD Server Status(connected):
ID=1, name(10.1.1.4),ip=10.1.1.4,source(security),users(0)
port=auto username=ldapmaster
read log eof=1, latest logon timestamp: Fri Mar 3 00:38:52 2023

polling frequency: every 10 second(s) success(26219), fail(0)
LDAP query: success(0), fail(0)
LDAP max group query period(seconds): 0
LDAP status: connected

Group Filter:
CN=InternetUsers,CN=Users,DC=domain,DC=com

 

FG-FW-01 # diag debug fsso-polling use
FSSO: vd index(0), AD_Server(10.1.1.4), Users(0)

Wael Ismail
Wael Ismail
akanibek

Then, what kind of logon eventID is generated by your Active directory?

Try to create logon event and run commands above again.

Also, where is your screenshoot with shown logged on user? In your debug outputs, there is no logged on users at all.

 

FortiGate (FGT) has an integrated poller as well. Its local polling mode also uses the Windows Security Event logs, however currently the supported event subset is smaller.

• Windows 2008/2012/2016/2019 Event IDs: 4768, 4769, 4776
• Windows 2003 Event IDs: 672, 673

_____________________
https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Windows-event-IDs-used-by-FSSO-in...

 

 

 

 

Asset
wismail

Yeah the evenIDs I can see on the client Machines. 

 

I dont have any authenticated users! only one who is un-authenticated and I want to see other like I see this one. I dont want to create an authentication captive protal now. I dont know how the FG only resolves his name

Wael Ismail
Wael Ismail
wismail

you are correct the EventIDs was not on the server. 

Wael Ismail
Wael Ismail
Sheikh
Staff
Staff

Hi wismail,

 

As you have mentioned that you are using "External connector", so are you using FSSO Agent on Domain controllers or do you have Collector Agent installed on a member server ?

 

Did you configure any Groups filtering ? Is there any other firewall in between FSSO Agent and FortiGate ?

 

Check these KB articles.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FSSO-Agent-in-polling-mode/ta-p/228136

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-cannot-connect-to-FSSO-Age...

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
wismail
New Contributor

No I am not using FSSO agent. just the connection to the domain controller the Fortigate is acting as FSSO. 

No firewall between the DC and the fortigate. 

Wael Ismail
Wael Ismail
Labels
Top Kudoed Authors