Configuring the FSSO Collector agent for Windows AD

4 Replies

Selecting Domain Controllers and working mode for monitoring

You can change which DC agents are monitored or change the working mode for logon event monitoring between DC agent mode and polling mode.

When polling mode is selected, it will poll port 445 of the domain controller every few seconds to see who is logged on.

1. From the Start menu select Programs > Fortinet Fortinet Single Sign-On Agent > Configure Fortinet

Single Sign On Agent.

2. In the Common Tasks section, select Show Monitored DCs.

3. Select Select DC to Monitor.

4. Choose the Working Mode:

  • DC Agent mode — a Domain Controller agent monitors user logon events and passes the information to the Collector agent. This provides reliable user logon information, however you must install a DC agent on every domain controller in the domain.
  • Polling mode — the Collector agent polls each domain controller for user logon information. Under heavy system load this might provide information less reliably. However installing a DC agent on each domain controller is not required in this mode.

5. You also need to choose the method used to retrieve logon information:

  • Poll logon sessions using Windows NetAPI
  • Check Windows Security Event Logs
  • Check Windows Security Event Logs using WMI

For more information about these options, see Polling mode on page 556.

6. Select OK.

7. Select Close.

8. Select Save & Close.

Pages: 1 2 3 4 5 6 7
This entry was posted in FortiOS 5.4 Handbook and tagged , , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

4 thoughts on “Configuring the FSSO Collector agent for Windows AD

  1. Khan

    hello,
    the domain controller on which fsso agent is installed could be in any vlan forexample, fortigate firewall is vlan 60 and DC on which agent is installed in vlan 50 and intervlan routing is enables we can ping the firewall from the domain controller but in this setup of different vlan the fsso agent should work with fortigate without any problem because there is L3 communication between them. i have issue the collector agent doesn’t track the domain logon users and ipv4 policy in fortigate based on fsso agent groups is not working and i cant keep both agent and firewall in same vlan they are in different vlans but this shouldnt be an issue. please advise as i am tired of debugging and fortigate TAC is also not taking this issue serious. if anyone could help please…
    Regards

    Reply
  2. Lee

    Hi Khan

    FGT connect to FFSO agent via TCP port 8000 by default. As long as you allow traffic from vlan60 to vlan 50 with this port, the communication should be established

    You can verify server status via CLI commands

    FGT-VM-ESX-Router # diagnose debug enable
    FGT-VM-ESX-Router # diagnose debug authd fsso server-status
    FGT-VM-ESX-Router #
    Server Name Connection Status Version
    ———– —————– ——-
    FSSO connected FSAE server 1.1

    Hth

    Lee

    Reply
  3. Nuno

    Hi,

    I´m having this issue, on my fortigate de SSO Server is disconnected and on FSSO Agent there are 0 fortigate connected. I already configured the LDAP Server and it´s working . Does anyone have any idea?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.