Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fjulianom
New Contributor III

Workstation verify and Dead entry timeout intervals - FSSO

Hi experts,

 

About these two timers we have the following:

 

 

According to me there is no difference when a user correctly logs off or when a user forgets to log off and the workstation goes to standby mode or disconnected:

[ol]
  • When a user correctly logs off and turns off the workstation, and the Workstation verify interval kicks in, the collector agent cannot connect the workstation and the user status changes to "Not verified". The user entry remains in the collector agent for eight hours (by default) and then is purged.
  • When a user forgets to log off and directly closes the workstation, the workstation is again turned off or in standby mode, then when the Workstation verify interval kicks in, again the collector agent cannot connect the workstation and user status changes to "Not verified". The user entry remains in the collector agent for eight hours (by default) and then is purged.[/ol]

    Is this correct or am I missing something?

     

    Regards,

    Julián

  • 1 Solution
    neonbit
    Valued Contributor

    Hi Julián, I'd agree with your statement. There is no log sent to the Collector/FGT when a user logs off, so there's no difference if they log off, put their station in standby or shutdown. The workstation verify determines how often the collector agent will try to contact the station to determine if the user is still logged in, once it can't determine the status it goes in the dead interval timer where it gets purged after a certain amount of time.

    View solution in original post

    5 REPLIES 5
    fjulianom
    New Contributor III

    Hi guys,

     

    Any idea? Or what steps does the collector agent go through when a user correctly logs off and turns down his workstation when leaving work?

     

    Regards,

    Julián

    fjulianom
    New Contributor III

    Hi guys,

     

    Any idea?

     

    Regards,

    Julián

    fjulianom
    New Contributor III

    Hi guys,

     

    No one know this?

     

    Regards,

    Julián

    neonbit
    Valued Contributor

    Hi Julián, I'd agree with your statement. There is no log sent to the Collector/FGT when a user logs off, so there's no difference if they log off, put their station in standby or shutdown. The workstation verify determines how often the collector agent will try to contact the station to determine if the user is still logged in, once it can't determine the status it goes in the dead interval timer where it gets purged after a certain amount of time.

    fjulianom
    New Contributor III

    Yes, so Fortinet should edit in the documentation the sentence "Dead entries usually occur because the computer is unreachable (such as in standby mode or disconnected) but the user has not logged off. A common reason for this is when users forget to logoff before leaving the office for the day.". It seems dead entries apply to every computer which is turned off, either the user has logged off or not.

     

    Regards,

    Julián

    Labels
    Top Kudoed Authors