Helpful ReplyHot!Workstation verify and Dead entry timeout intervals - FSSO

Author
fjulianom
Silver Member
  • Total Posts : 98
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/10/11 07:05:08
  • Status: offline
2018/06/06 15:24:00 (permalink)
0

Workstation verify and Dead entry timeout intervals - FSSO

Hi experts,
 
About these two timers we have the following:
 

 
According to me there is no difference when a user correctly logs off or when a user forgets to log off and the workstation goes to standby mode or disconnected:
  1. When a user correctly logs off and turns off the workstation, and the Workstation verify interval kicks in, the collector agent cannot connect the workstation and the user status changes to "Not verified". The user entry remains in the collector agent for eight hours (by default) and then is purged.
  2. When a user forgets to log off and directly closes the workstation, the workstation is again turned off or in standby mode, then when the Workstation verify interval kicks in, again the collector agent cannot connect the workstation and user status changes to "Not verified". The user entry remains in the collector agent for eight hours (by default) and then is purged.
Is this correct or am I missing something?
 
Regards,
Julián

Attached Image(s)

#1
fjulianom
Silver Member
  • Total Posts : 98
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/10/11 07:05:08
  • Status: offline
Re: Workstation verify and Dead entry timeout intervals - FSSO 2018/06/07 09:26:40 (permalink)
0
Hi guys,
 
Any idea? Or what steps does the collector agent go through when a user correctly logs off and turns down his workstation when leaving work?
 
Regards,
Julián
#2
fjulianom
Silver Member
  • Total Posts : 98
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/10/11 07:05:08
  • Status: offline
Re: Workstation verify and Dead entry timeout intervals - FSSO 2018/06/12 12:20:12 (permalink)
0
Hi guys,
 
Any idea?
 
Regards,
Julián
#3
fjulianom
Silver Member
  • Total Posts : 98
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/10/11 07:05:08
  • Status: offline
Re: Workstation verify and Dead entry timeout intervals - FSSO 2018/07/11 06:54:10 (permalink)
0
Hi guys,
 
No one know this?
 
Regards,
Julián
#4
neonbit
Platinum Member
  • Total Posts : 462
  • Scores: 45
  • Reward points: 0
  • Joined: 2013/07/02 21:39:52
  • Location: Dark side of the moon
  • Status: offline
Re: Workstation verify and Dead entry timeout intervals - FSSO 2018/07/11 07:37:08 (permalink) ☄ Helpfulby fjulianom 2018/07/11 09:12:09
0
Hi Julián, I'd agree with your statement. There is no log sent to the Collector/FGT when a user logs off, so there's no difference if they log off, put their station in standby or shutdown. The workstation verify determines how often the collector agent will try to contact the station to determine if the user is still logged in, once it can't determine the status it goes in the dead interval timer where it gets purged after a certain amount of time.
#5
fjulianom
Silver Member
  • Total Posts : 98
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/10/11 07:05:08
  • Status: offline
Re: Workstation verify and Dead entry timeout intervals - FSSO 2018/07/11 09:12:06 (permalink)
0
Yes, so Fortinet should edit in the documentation the sentence "Dead entries usually occur because the computer is unreachable (such as in standby mode or disconnected) but the user has not logged off. A common reason for this is when users forget to logoff before leaving the office for the day.". It seems dead entries apply to every computer which is turned off, either the user has logged off or not.
 
Regards,
Julián
#6
Jump to:
© 2018 APG vNext Commercial Version 5.5