Hot!wrong IP address allocation

Author
Eslam_Samy
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/03/03 23:48:26
  • Status: offline
2019/03/04 00:48:05 (permalink)
0

wrong IP address allocation

hello
I am having a Problem with one of the Notrbooks in my domain that any account log in to this notebook it shows a wrong IP address in the "Firewall user monitor " rather than the real one that the notebook already had , that is affecting logging to the internet

Fortigate 90D


thanks
#1

3 Replies Related Threads

    xsilver_FTNT
    Expert Member
    • Total Posts : 437
    • Scores: 93
    • Reward points: 0
    • Joined: 2015/02/02 03:22:58
    • Status: offline
    Re: wrong IP address allocation 2019/03/04 01:23:23 (permalink)
    0
    If the logon in Firewall user monitor is FSSO then most probable reason is that your DNS returns that wrong IP for your workstation name. And as FSSO relies heavily on DNS, then wrong IP is picked up for logon records.

    Kind Regards,
    Tomas
    #2
    Alivo_ FTNT
    Silver Member
    • Total Posts : 71
    • Scores: 22
    • Reward points: 0
    • Joined: 2013/04/30 12:42:47
    • Location: Fortinet TAC Prague
    • Status: offline
    Re: wrong IP address allocation 2019/03/06 00:20:58 (permalink)
    5 (1)
    That looks really as DHCP/DNS issue.
    When you see difference in IP addresses > run in command line on your DC: nslookup workstation_name

    Result will be what your DNS sees. You will very likely see IP address that is also in Collector Agent(s).
    Fix is on DNS/DHCP.
     
     
    #3
    xsilver_FTNT
    Expert Member
    • Total Posts : 437
    • Scores: 93
    • Reward points: 0
    • Joined: 2015/02/02 03:22:58
    • Status: offline
    Re: wrong IP address allocation 2019/03/07 00:45:29 (permalink)
    0
    Yes, that's good approach.
    Check and compare affected workstations' ipconfig with nslookup <workstattion-name> run on workstation .. those are supposed to be same.
    If it's FSSO setup then check nslookup on DC where Collector runs. As THIS is the point where DNS lookup or getHostByName is done and from this point of view is the IP resolved. And again, if whole DNS works well then even this nslookup result should show same IP as on workstation. You might also want to check that DC and workstation has same DNS setting.

    Kind Regards,
    Tomas
    #4
    Jump to:
    © 2019 APG vNext Commercial Version 5.5