DescriptionFSSO collector agent by default tries to detect workstation
IP address changes by resolving the workstation host names via DNS. The
interval in which the IP address verification occurs is configured by
the 'IP address change verify interva...
DescriptionWhen configuring FSSO, administrators have the ability to
specify which user groups will be monitored by FSSO. The Group Filter
can be defined either locally on FortiGate or directly on FSSO Collector
Agent. While in general the group filt...
DescriptionSince the release of FortiOS 6.2, the FortiOS proxy daemon
(WAD) will strip domain names from usernames when domain is specified
with backslash (DOMAIN\username). This behavior allows matching of
locally defined users before contacting rem...
DescriptionThis article describes how to configure SSL VPN OS check for
Windows 10 clients with specific Windows build number.Solution# config
vpn ssl web portal edit set os-check enable set
skip-check-for-unsupported-os # config os-check-list
{ ma...
DescriptionThis article describes how to move FortiToken Mobile between
VDOMs.Solution1) Ensure the FortiToken mobile to move is not assigned to
any user.2) Note down the Serial Number of the FortiToken to move to
different VDOM. 3 )Delete the token ...
You always have to define the individual LDAP/RADIUS users when you want
to enforce 2FA on Fortigate. Bellow is an example of email
authentication enabled for LDAP user. config user local edit "test_user"
set type ldap set two-factor email set email-...
Hi Shaabash, Without seeing the route tables and OSPF database, I can
only guess that this is due to type 2 external route being used by
default. You can try to redistribute the connected routes as type 1, so
that the internal metric is accumulated a...
The Common Name Identifier should be just "cn" , "uid" or whichever
attribute you want to be searching for. Example: config user ldap edit
ldap-server set cnid cn next end There could be other misconfigurations,
but you may have masked them with the ...
Hi Michael, based on how the issue is described, it sounds more like
wifi related problem. You should probably ensure that there is no packet
loss between the clients and Fortigate - SSL VPN is very sensitive to
it. You can simply test by pinging the...
Hi David, you only need to install the FAC Windows Agent to
workstations/servers where you want to enforce 2FA authentication. The
token authentication can be enabled/disabled per-domain bases. You can
however exempt individual users/groups from 2FA....