I am new to Fortigate (this is also my 1st post to the forum) and attempted to setup FSSO.
I followed the steps as described in this link (http://cookbook.fortinet.com/providing-single-sign-using-ldap-fsso-agent-advanced-mode-expert/), however after completing all the steps - I can see the logins from my users in the FSSO agent installed on the DC, however I am seeing nothing on Fortigate.
There is no user entry under "User & Device > Monitor > Firewall" - and from CLI I get the below:
# diagnose debug authd fsso list
----FSSO logons----
Total number of logons listed: 0, filtered: 0
----end of FSSO logons----
Did I miss something or do something wrong? Any advice welcome.
As you set up standalone Collector Agent on DC (if you followed cookbook recipe), then you do not need Local FSSO poller on FortiGate ... remove it from 'config user fsso-polling'.
Make sure that your fsso 'config user adgrp' records are paired to the right Collector "TCMVPN-FSSO" and not to local poller.
Then check users in Collector / Show Logon Users and their group membership. It seems to me probable that they are not matching group filters set and therefore they are not reported to FortiGate. Check Group Filters on Collector and on FortiGate. If you run in advanced mode then filters should be in LDAP format like "CN=group,DC=example,DC=com". Also make sure that you have selected LDAP objects which are actually groups (they must have LDAP ObjectClass=group) and not users or anything else!
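A check for the group-filter point made in the reply above, added here as an example and not code from this thread or from Fortinet: it takes the filter entries as you would type them on the Collector or FortiGate and a constructed snapshot of the domain's LDAP objects, and flags entries that are not in DN form, that point at nothing, or that point at an object without objectClass=group. The directory contents, DNs and account names are made up for the example.

```python
import re

# Constructed snapshot of what an LDAP search of the domain might return:
# DN -> objectClass values. All entries here are invented for the example.
DIRECTORY = {
    "CN=VPN-Users,OU=Groups,DC=example,DC=com": {"top", "group"},
    "CN=Domain Users,CN=Users,DC=example,DC=com": {"top", "group"},
    "CN=jdoe,CN=Users,DC=example,DC=com": {"top", "person", "user"},
    "OU=Sales,DC=example,DC=com": {"top", "organizationalUnit"},
}

# One RDN component as used in AD group DNs: CN=, OU= or DC= plus a value.
_RDN = re.compile(r"^(CN|OU|DC)=[^,=]+$", re.IGNORECASE)


def _norm(dn: str) -> str:
    """LDAP DNs are case-insensitive; strip spaces around commas, lower-case."""
    return ",".join(p.strip() for p in dn.split(",")).lower()


def is_ldap_dn(entry: str) -> bool:
    """True if entry is in the DN form advanced mode expects,
    e.g. CN=group,DC=example,DC=com (every part an RDN, at least one DC)."""
    parts = [p.strip() for p in entry.split(",")]
    if not all(_RDN.match(p) for p in parts):
        return False
    return any(p.upper().startswith("DC=") for p in parts)


def check_group_filter(filters, directory):
    """Classify each filter entry as 'ok', 'not-a-dn', 'not-found'
    or 'not-a-group' against the directory snapshot."""
    index = {_norm(dn): {c.lower() for c in cls} for dn, cls in directory.items()}
    result = {}
    for entry in filters:
        if not is_ldap_dn(entry):
            result[entry] = "not-a-dn"       # e.g. a bare or NetBIOS-style name
            continue
        classes = index.get(_norm(entry))
        if classes is None:
            result[entry] = "not-found"      # typo in the DN or wrong OU path
        elif "group" not in classes:
            result[entry] = "not-a-group"    # a user, OU or other object
        else:
            result[entry] = "ok"             # this is what FSSO can report
    return result


if __name__ == "__main__":
    filters = ["CN=VPN-Users,OU=Groups,DC=example,DC=com", "VPN-Users",
               "CN=jdoe,CN=Users,DC=example,DC=com", "OU=Sales,DC=example,DC=com"]
    for entry, status in check_group_filter(filters, DIRECTORY).items():
        print(f"{status:12} {entry}")
```

Entries that come back as anything but "ok" are candidates for why logons reach the Collector but no user ever shows up in `diagnose debug authd fsso list`.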