Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jboone
New Contributor

FSSO TS Agent issue

Hello all, I just set up FSSO DC Agent and it is working correctly, when a user logs in to the their local system it notices their log in and associates the user with the traffic in the web filter of the fortigate. As expected it wasn't working with the terminal servers that we have so we installed the terminal server agent and got it configured. It appears to be working correctly in that when I look in the fortigate under Monitor > Firewall User Monitor users signed into the terminal server show up and the method is FSSO Citrix not Fortinet Single Sign On like the local system so its talking to the fortigate but when I look under the web filter traffic users are not associated with the traffic. If I look at the details of a request, the source port corresponds to the correct port range in the Collector Agent Logon Users List on the domain controller, so everything appears to be correctly set up but I can't figure out why the user isn't being associated with the traffic like I would expect.

 

We are using a Fortigate 100D with firmware version 5.4.1 FSSO Agent and TS Agent 5.0.0250

 

Any help is greatly appreciated to help get this working. 

5 REPLIES 5
jboone
New Contributor

Anyone have any thoughts? I'm at a loss. 

MikePruett
Valued Contributor

Are the users hitting a policy above or below the correct one?

 

Mike Pruett Fortinet GURU | Fortinet Training Videos
jboone

I'm not sure how to tell if they are hitting a policy below it, but it is the very first policy so it should be hitting that one. It's the same policy as the local systems and it is working. 

jboone
New Contributor

I found where to see the policy the traffic is going through and it is in fact showing it is coming through the same policy as the local systems where the dc agent is working correctly. The users show up in the monitor > firewall user monitor so I'm not sure what is going on. 

radar
New Contributor

Probably (Microsoft and maybe FSSO Citrix agent) we having are the same symptoms with FSSO DC(Terminal  Server) agent installation on TS (MS) in 80 locations. From time to times, users put in or not to right web/applications data acces will be blocked (proxy users quest-no accesss, or proxy users -no internet access). 

At this time service request with priority2 is confirmed, but we are back(long time weekend in Poland to date 08.05) to confirm, and we will  started  test the solutions  suggested by fortigate support team.(Thanks Petr).

 

B.K

 

2xCluster FG3000D, 2xFAC3000E, 1xFAZ3000E, 1xFMGR300E, 2xFG100E Test and Dev, HW only.

 

2xCluster FG3000D, 2xFAC3000E, 1xFAZ3000E, 1xFMGR300E, 2xFG100E Test and Dev, HW only.
Labels
Top Kudoed Authors