Currently we use FSSO to manage the internet access allowed to users based on their AD group.
FSSO gets the info from our two DNS/DCs.
This weekend we will be replacing our DCs; the final step will be to assign the IP addresses of the two old DCs to the new ones.
So how does that affect FSSO? Do I still need to create new AD entries on each of our Fortinets for the new DCs, then change the IP on each at the end?
Are you using on-firewall polling? Or are you using FSSO agent collectors? I know that my pet peeve about the agent collectors is that they don't automatically update even if you reuse the IPs. It seems to refer to the unique identifiers for the domain controllers and not the IPs. When we cycled through replacing old DCs with newer versions of Windows, we had to go through the FSSO agent config and click all the newly created checkboxes and then sync those configs to other collectors. I'm not sure how the process on the firewall itself works.
CISSP, NSE4
We are using the collector agent that runs on two servers, one as backup.
So it sounds like I would have to go and edit the two active DC agents on each server.
Did you also have to go into each Fortinet and add the new DCs even though you ended up reusing the IPs?
It would not surprise me if you have to, since the names will change even though the IP will not (eventually).