I have a problem that I am also discussing with the TAC.
We are seeing behavior which, in my opinion, is wrong. Our setup is FSSO Collector Agent running in DC Agent mode. We have 3 domain controllers which send their events to the collector agents.
Our problem is related to our remote users, who are connected via Pulse Secure and frequently change IP address by logging off and logging in. There is no lease time I can set on it. LAN users with specific lease times are not affected.
However, our problem is that users who create the first login event are presented with the old IP address. After the workstation check, the IP is then changed to the new, real one. This also means that the user who is actually connected with the IP address that was presented for the other user is cleared from the FSSO database. That ends up with some users unauthenticated, because they are cleared by the user who is presented with the wrong "old" IP address.
You will now say: check your DNS. But DNS is working properly. From the logs I see the DNS entry after the IP address is assigned to the remote user via DHCP. NSLOOKUP also says that the IP address is correct and updated.
Is there any kind of FSSO-internal DNS or user cache? Or do you have an idea why this happens?
I had the same issue; the cause of the problem was the AD. Do a test: ping the hostname of the machine and see which IP the ping responds from. Probably the hostname will resolve to another IP, different from the FSSO one and even from the AD event log.
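The check suggested in the reply above, automated as an added PowerShell example that is not part of this thread: for one account, it pulls the workstation name and source IP recorded in the domain controller's 4624 logon events (the events the DC Agent forwards) and compares that IP with what the workstation name resolves to in DNS right now. The user name, DC name and event count are placeholders.

```powershell
# Added diagnostic, not from the thread. Run on (or against) a domain controller
# with rights to read the Security log. Placeholders: $UserName, $DC, $MaxEvents.
param(
    [string]$UserName  = 'jdoe',       # placeholder: sAMAccountName to check
    [string]$DC        = 'localhost',  # placeholder: DC whose Security log to read
    [int]   $MaxEvents = 20            # how many recent logons to show
)

# Logon events (4624) that carry the account name somewhere in their data fields.
$filter = @{ LogName = 'Security'; Id = 4624; Data = $UserName }
$events = Get-WinEvent -ComputerName $DC -FilterHashtable $filter `
                       -MaxEvents 2000 -ErrorAction Stop

$rows = foreach ($evt in $events) {
    # Flatten the EventData <Data Name="..."> elements into a hashtable.
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Keep only logons for this account that name a workstation and a source IP;
    # these are the ones a DC-Agent-mode collector turns into user/IP mappings.
    if ($data['TargetUserName'] -ne $UserName) { continue }
    $ws = $data['WorkstationName']
    $ip = $data['IpAddress']
    if (-not $ws -or $ip -in @('-', '::1', '127.0.0.1')) { continue }

    # Resolve the workstation name now, as the collector's lookup would.
    try {
        $dnsIps = [System.Net.Dns]::GetHostAddresses($ws) |
                  Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
                  ForEach-Object { $_.IPAddressToString }
    } catch { $dnsIps = @() }

    [pscustomobject]@{
        Time        = $evt.TimeCreated
        Workstation = $ws
        EventIp     = $ip                    # IP the DC recorded at logon time
        DnsIps      = ($dnsIps -join ',')    # what DNS says for that name now
        Match       = [bool]($dnsIps -contains $ip)
    }
}

# A row with Match = False is a logon whose hostname no longer resolves to the
# IP the logon came from: the stale-record case the reply above describes.
$rows | Select-Object -First $MaxEvents | Format-Table -AutoSize
```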