Hello Guys,
We are using FSSO in polling mode, in order to authenticate users running MAC OS devices.
So far so good, but as "workstation verification" is not applicable for non Windows operating systems, now the question is how to deal with the agent timers.
Logically, "workstation verification" was set to 0, as it is unusable in the case. Being unable to verify if the workstation is still online, we rely only on "Dead entry time-out interval". The problem here is that you are not able to know long the respective person will work (could be more that 480 min), and the biggest problem, where users do not log off or restart some time for weeks.
Having this in mind, I set the "Dead entry time-out interval" to 0 as well, where the user will stay with 'logged in' status forever. However, a new logon event (either from the same user or a different user) from the same workstation will overwrite/refresh the record.
That works for me, but what happens if we have IP change do to some mobility or switching from cable to wifi?
And what happens when the log entries gets so much, that we have different users appearing with the same IP?
Please for your expert explanation, and eventual recommendations.
Thank you in advance!
Cubcho
Any comments on the topic?
No One?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.