Logon event RDP for FSSO
We use FSSO to allow or not connection to Internet for users.
We have a problem when we use RDP (Windows remote desktop), they credentials using on the remote desktop are updated also on the computer who has lauch RDP.
We have reproduce this issue.
We are connected with ABC account on 10.1.1.1.
We launch a RDP session from 10.1.1.1 to 10.2.2.2 with account DEF.
After that, we can see on the fortigate the DEF account on 10.2.2.2 and on 10.1.1.1.
So from the computer 10.1.1.1 with ABC account, we have DEF rights !
So we need to De-authenticate DEF on Fortigate or restart a session to restore ABC rights on 10.1.1.1.
When we look logon log on FSSO collector, we can see that DEF connect in first on 10.1.1.1 and after 10.2.2.2.
So, why Windows RDP send a logon event whith DEF on 10.1.1.1 ?
Do you know this problem ?
I've opened a ticket on fortinet support, but I think it's not a FSSO bug. This is why I allow myself to ask the question here.
Thank you so much in advance.