On the firewall monitor i can see all FSSO logons. I am sure in 5.0.x
the SSO_Guest_Users used to clear out once the user logged into the pc
again (or just lock the pc and unlock it). Now on 5.2 i can see the
guest and the actual user for each ip add...
Wondering if anyone is having the same issue. I did raise a ticket with
fortinet, but they close the ticket saying that they didnt think there
was an issue and that i should reload the firmware and roll back if it
breaks anything........... As i dont...
My cluster of 2 x Fortigate 60C hits 100% very very often. One of the
many changes im doing is reducing the amount of logging and UTM being
done and apply them to traffic a bit more specific. I have also change
most of the utm from proxy to flow-base...
Interesting... ive just turned it ON again just to see if i could see
something on the Network tab of the chrome dev tools... but the pages
are now working OK.... and ive not done any config changes
Thanks @hklb This should be all the config needed to mimic mine on
yours. config webfilter profile edit " MonitorUserActivity" set comment
" log all user activity" set inspection-mode flow-based config override
set ovrd-user-group " " end config web ...
Why disable the SIP-ALG? If you dont apply a voip profile to your
policy, then the fortigate will use the session-helper rather than the
SIP-ALG. Or am i missing something else here? " SIP sessions using port
5060 accepted by a security policy that d...
.... So when trying to do the same change over CLI, the error is more
descriptive. ========== fgt60c_ha_1 (default) # set inspection-mode
flow-based failed! profile used by policy settings! node_check_object
fail! for inspection-mode flow-based value...
