Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If the logon in Firewall user monitor is FSSO then most probable reason is that your DNS returns that wrong IP for your workstation name. And as FSSO relies heavily on DNS, then wrong IP is picked up for logon records.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
That looks really as DHCP/DNS issue. When you see difference in IP addresses > run in command line on your DC: nslookup workstation_name Result will be what your DNS sees. You will very likely see IP address that is also in Collector Agent(s). Fix is on DNS/DHCP.
livo
Yes, that's good approach.
Check and compare affected workstations' ipconfig with nslookup <workstattion-name> run on workstation .. those are supposed to be same.
If it's FSSO setup then check nslookup on DC where Collector runs. As THIS is the point where DNS lookup or getHostByName is done and from this point of view is the IP resolved. And again, if whole DNS works well then even this nslookup result should show same IP as on workstation. You might also want to check that DC and workstation has same DNS setting.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1519 | |
1019 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.