Does anyone have recent experience with FSSO in 6.X?
I would like to know if anyone has recent FSSO experience within a Citrix environment?
In the summer of 2019, I had my fair share of rather disappointing experiences with FortiOS 5.6.x in combination with FSSO. I was testing it within my AD group of 5 members, but the user information wasn't as accurate as I had hoped, causing all sorts of login issues for my team members. The plan was to deploy it for the whole Citrix environment to secure our DC environment using user-based authentication for the whole organization.
I was just wondering if anyone had some new experience with the 6.x version, since we will soon deploy 6.4.4 for our FGT environment. I was also wondering whether we should upgrade the FSSO servers as well or just remove them.
For FSSO with Citrix on terminal servers, you would also need Terminal Server Agents on each TS.
Without it, each new user will overwrite the previous user. Why? Because the traffic will leave the server from the same IP. You can't have multiple users on the same IP. The TS Agent will allocate a particular port range to each user as a way to distinguish the users. These ports will be used for the users' traffic. In the traffic logs for these users, you will notice that the originating port is from the range of ports the user was allocated. On the FortiGate, run: di de authd fsso list
If there is an antivirus or similar on the TS server, it will likely proxy the traffic before it leaves the TS and will also change the allocated ports, as it is not transparent. This will result in traffic not matching the policy...
This, in general, works in most cases.
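The port-range behaviour described in the reply above can be modelled in a few lines. This is an added example, not part of the original posts and not Fortinet code: the IP address, user names, port ranges, flow records and all function names are constructed for illustration and do not reproduce FortiGate or TS Agent data formats.

```python
"""Model of per-user source-port ranges on one shared terminal-server IP.
All IPs, user names, port ranges and flows below are constructed samples."""
from bisect import bisect_right

# Constructed IP-only logon events (the situation without a TS agent).
LOGONS = [("10.0.0.50", "alice"), ("10.0.0.50", "bob"), ("10.0.0.50", "carol")]
# Constructed per-user allocations: (ip, first_port, last_port, user).
ALLOCATIONS = [
    ("10.0.0.50", 20000, 20199, "alice"),
    ("10.0.0.50", 20200, 20399, "bob"),
    ("10.0.0.50", 20400, 20599, "carol"),
]
# Constructed flows (src_ip, src_port); the last port lies outside every range,
# as when a local proxy re-originates the session.
FLOWS = [("10.0.0.50", 20010), ("10.0.0.50", 20250), ("10.0.0.50", 20599), ("10.0.0.50", 51544)]


def ip_only_table(logons):
    """One user per IP: each later logon overwrites the earlier entry."""
    return {ip: user for ip, user in logons}


def build_range_index(allocations):
    """Per IP, a sorted list of (first, last, user); rejects overlapping ranges."""
    index = {}
    for ip, first, last, user in sorted(allocations, key=lambda a: (a[0], a[1])):
        ranges = index.setdefault(ip, [])
        if first > last or (ranges and first <= ranges[-1][1]):
            raise ValueError(f"bad or overlapping range for {user} on {ip}")
        ranges.append((first, last, user))
    return index


def resolve(index, ip, port):
    """Return the user owning (ip, port), or None if no range covers the port."""
    ranges = index.get(ip, [])
    pos = bisect_right([r[0] for r in ranges], port) - 1
    if pos >= 0 and ranges[pos][0] <= port <= ranges[pos][1]:
        return ranges[pos][2]
    return None


def attribute(flows, index):
    """Map each flow to a user, or None (no user, so no user-based policy match)."""
    return [(ip, port, resolve(index, ip, port)) for ip, port in flows]


if __name__ == "__main__":
    print(ip_only_table(LOGONS), attribute(FLOWS, build_range_index(ALLOCATIONS)))
```

Flows that resolve to None are the ones to look for when user-based policies stop matching on a terminal server.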