Hot!FSSO and ip addresses that change

Author
Mbutler522010
Bronze Member
  • Total Posts : 31
  • Scores: 3
  • Reward points: 0
  • Joined: 2014/02/21 17:00:56
  • Location: Washington State
  • Status: offline
2015/11/05 13:54:45 (permalink)
0

FSSO and ip addresses that change

I've got a strange problem that crops up. I think the issue is that people get a new ip address without re-logging on and the FSSO/fortigate gets confused.
 
Situation:
multiple sites, different subnet on each site. Windows laptops, Aruba wireless, Fortigate with FSSO authenticated AD groups, Fortigate policies based on AD groups.
 
Person logs into their windows laptop at site A, successfully connects to internet through Fortigate. Closes the lid, drives to site B, opens the lid (gets a new IP address from DHCP.) After coming out of sleep, the laptop has internal network access (i.e. to local file servers) but nothing through the Fortigate. The Fortigate logs show an unauthenticated person at the new IP address trying to get through. I always have to tell them to reboot the laptop and then all is ok.
 
 
I have the "IP address change verify interval (seconds)" set to 60 in the Single Sign On Agent config screen even though I doubt it is needed because the documentation states "FSAE periodically checks the IP addresses of logged-in users and updates the FortiGate unit when user IP addresses change. This does not apply to users authenticated through NTLM. "
 
Is this a FSSO limitation or some kind of configuration error on my part? difficult to diagnose I know with such limited info but I would appreciate any pointers I could get.
Mark
 
#1

2 Replies Related Threads

    Iratxe
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/03/08 05:22:42
    • Status: offline
    Re: FSSO and ip addresses that change 2019/03/08 05:23:50 (permalink)
    0
    Hi,
     
    I'm facing the same issue. Have you solve this?
     
    Regards,
     
    Iratxe
    #2
    2pm
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/10/30 13:46:33
    • Status: offline
    Re: FSSO and ip addresses that change 2019/11/04 13:21:44 (permalink)
    0
    Did you every find a solution to this? We have installed FortiGates at all our location and we are experience the same issue.
    #3
    Jump to:
    © 2019 APG vNext Commercial Version 5.5