Re: External Connector FSSO Agent on Windows AD

bpozdena_FTNT · 07-28-2023

Description This article explains the RADIUS server reachability status cache which was introduced in FortiOS 7.4.0. Scope FortiOS 7.4. Solution When configuring a secondary or tertiary RADIUS server, all FortiOS versions before version 7.4 would alw...

bpozdena_FTNT · 09-29-2021

Description This article describes that the FSSO collector agent by default tries to detect workstation IP address changes by resolving the workstation host names via DNS. The interval in which the IP address verification occurs is configured by the ...

bpozdena_FTNT · 05-27-2021

Description This article describes how to correctly configure Group Filter on Collector Agent. When configuring FSSO, administrators have the ability to specify which user groups will be monitored by FSSO. The Group Filter can be defined either local...

bpozdena_FTNT · 04-12-2021

DescriptionSince the release of FortiOS 6.2, the FortiOS proxy daemon (WAD) will strip domain names from usernames when domain is specified with backslash (DOMAIN\username). This behavior allows matching of locally defined users before contacting rem...

bpozdena_FTNT · 05-15-2020

Description This article describes how to configure SSL VPN OS check for Windows 10 clients with specific Windows build number. Scope FortiGate v6.2 and above. Solution config vpn ssl web portal edit set os-check enable set skip-check-for-unsupporte...

bpozdena_FTNT · 10-09-2024

Hi Marcus, this may be a bit too complex to solve with just the provided info. But I can give you a few hints, that I think you will find helpful: The issue I see is with `current-bandwidth=0(kbps)` . This indicates that there is no traffic matching ...

bpozdena_FTNT · 04-15-2024

Yes, this is indeed a problem if both the agents are monitoring the same domain. Every time the same user is discovered via different fabric connector, all existing IP sessions from the source IP address are cleared from Fortigate. You should complet...

bpozdena_FTNT · 04-08-2024

If you have SDWAN already implemented, you will simply need to create a new SDWAN rule and specify the LAN IP as source. You will then manually select the outgoing interface there. Note that SDWAN rules are assessed from to to bottom, so you will lik...

bpozdena_FTNT · 04-08-2024

DNAT on Fortigate is configured using Virtual IPs. It's exactly the same with or without SDWAN. See the below documentation for more details:https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/728694/destination-nat

bpozdena_FTNT · 04-04-2024

This mostly happens when you import config from another Fortigate unit. The fix is simple, just delete both the free FortiTokens from Fortigate GUI. A new button will then appear, which will allow you to download new ones.

User Statistics

User Activity

Technical Tip: RADIUS server reachability status cache

Technical Tip: Optimization of FSSO workstation IP address verification

Technical Tip: FSSO Group Filter configured on Collector Agent

Technical Tip: Domain name stripping behavior for proxy authentication

Technical Tip: How to configure FortiClient SSL VPN check for Windows version and build

Re: Traffic shaping profiles, diagnose netlink interface list show Qdisc=noqueue

Re: Problem with FSSO removing users from auth

Re: choose between multiple ISP

Re: Setup NAT to Web Server with SD-Wan Interface

Re: error token in Fortigate

Re: External Connector FSSO Agent on Windows AD

Re: Fortigate Firewall Policy | GUI Table

Re: Upload a logo image via CLI

Re: Automation -> CLI Script: Use date as Part of ...

Technical Tip: How to configure FortiClient SSL VP...

Re: Setup NAT to Web Server with SD-Wan Interface

Re: How to add remote server certificate to the Fo...

Re: Delete local cert using FortiGate API

Re: internal host resolution for firewall services

Re: Wrong Policy match

KCS