Is FortiGate as a local FSSO poller with multiple DCs possible?

Author: J13224 (New Member)
2018/07/11 13:56:58 (permalink)


Can FSSO work in a small AD network with 2 DCs using the FG as a local FSSO poller (agentless)?
I have it configured with 2 SSO connections, one to each DC, but it does not seem to be capturing logons to the 2nd DC.
 
I have seen mixed information as to whether this is possible without an "external" collector agent.
 
Thanks,
#1

3 Replies

    xsilver_FTNT (Expert Member)
    Re: Is FortiGate as a local FSSO poller with multiple DCs possible? 2018/07/12 00:48:09 (permalink)
    Hi J13224,
    local polling from FortiGate is possible.
    However, it has its limits. Mainly:
    - no workstation checks
    - no other methods of log collection but WinSec polling only, with fixed EventIDs polled
    - no IP change monitoring
    - logon processing load affects the firewall
     
    A standalone Collector Agent is, from my point of view, a much better solution.
    Even for small environments like 1-2 DCs.
    I would suggest installing the Collector on one DC (or both for resiliency, but FortiGate will use only one at a time and switch to the other when the old one is unreachable).
    And I would suggest using WinSec polling with WMI (the last polling option in settings).
     
    Kind regards,
    Tomas

    #2
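To make the "WinSec polling with fixed EventIDs" limitation above concrete, here is an added toy model (not code from the thread or from Fortinet) of what a logon poller has to do with Security log events read from two DCs: merge them into one user-to-IP table, skip machine accounts and failed logons, and age entries out, since nothing ever re-checks the workstation for an IP change. It assumes the poller keys on Windows event ID 4624 (successful logon); the event records below are constructed sample data.

```python
from dataclasses import dataclass

LOGON_EVENT_ID = 4624  # Windows "An account was successfully logged on" (assumed to be what the poller watches)


@dataclass(frozen=True)
class SecEvent:
    dc: str        # which DC's Security log the event was read from
    event_id: int
    ts: int        # epoch seconds (constructed sample data)
    user: str      # sAMAccountName as recorded in the event
    ip: str        # source IP recorded in the event


def merge_logons(events, now, ttl=480):
    """Return {user: (ip, ts, dc)} built from ALL polled DCs' Security logs.

    Machine accounts (trailing '$') and anything but a successful logon are
    skipped; for each user the most recent logon wins, whichever DC recorded
    it. Entries older than ttl seconds are aged out: with no workstation
    checks and no IP change monitoring, ageing is the only way a stale
    user->IP mapping ever disappears.
    """
    table = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.event_id != LOGON_EVENT_ID or ev.user.endswith("$"):
            continue
        if ev.user not in table or ev.ts >= table[ev.user][1]:
            table[ev.user] = (ev.ip, ev.ts, ev.dc)
    return {u: v for u, v in table.items() if now - v[1] <= ttl}


# Constructed sample: 'bob' authenticated only against DC2, as in the original post
SAMPLE = [
    SecEvent("DC1", 4624, 1000, "alice", "10.0.0.11"),
    SecEvent("DC1", 4624, 1001, "WS01$", "10.0.0.11"),  # machine account, ignored
    SecEvent("DC2", 4624, 1005, "bob",   "10.0.0.22"),  # only DC2 saw this logon
    SecEvent("DC2", 4625, 1006, "eve",   "10.0.0.33"),  # failed logon, not a session
    SecEvent("DC1", 4624, 1300, "alice", "10.0.0.11"),  # alice re-authenticates
]

if __name__ == "__main__":
    only_dc1 = merge_logons([e for e in SAMPLE if e.dc == "DC1"], now=1400)
    both = merge_logons(SAMPLE, now=1400)
    print("DC1 only:", sorted(only_dc1))  # bob is missing when only DC1 is polled
    print("merged:  ", sorted(both))      # both DCs polled: alice and bob
```

Polling DC1 alone yields only alice; merging both DCs yields alice and bob, and bob's entry later ages out because no further logon event for him arrives.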
    J13224 (New Member)
    Re: Is FortiGate as a local FSSO poller with multiple DCs possible? 2018/07/19 15:30:39 (permalink)
    Thanks Tomas,
     
    I think I will deploy with the Collector Agent as you suggest; I like the additional features.
     
    But I am wondering, in case it comes up in the future: do you know if FortiGate can support local polling from the FortiGate from multiple DCs? "Technically" it looks like it should, and the unit does not display any errors when I set it up; it just does not record the secondary server logons and I do not get any debug errors. In fact I see the FG logon in the security event viewer of the second DC. The events just do not get merged with the primary.
     
    Thanks again,
     
    Jim Greco
    #3
    xsilver_FTNT (Expert Member)
    Re: Is FortiGate as a local FSSO poller with multiple DCs possible? 2018/07/20 00:54:29 (permalink)
    Sorry to say, but I would not bother with local polling for more than a single DC in a single domain with a few users.
    Anything bigger than that is way better via the standalone Collector Agent or FortiAuthenticator.
    Both can handle anything from a single domain with a few users up to tens of DCs, multi-domain environments and thousands of users.
    Why should I load the FortiGate and use precious resources, where what I need from the FW is speed, when I have plenty of resources on the DCs plus a free-of-charge standalone Collector Agent?
    I do not really see the point in local polling besides initial testing (POC).

    Kind Regards,
    Tomas
    #4