Dual connection wireless & wired dock

scerazy · ‎04-24-2019

I noticed that if user logs in to AD on wireless & then connects a dock (wireless is going to off at this point), user no longer seems to be authenticated by DC Agent & internet access fails (as my Policy drops all access if non authenticated user)

Any idea if that behavior can be adjusted?

My DC Agent Timers are: workstation verify interval 5 min, dead entry 480 min, ip address change 60 sec

Seb

Alivo__FTNT · ‎04-24-2019

Hello Seb,

This is answered in this post: https://forum.fortinet.com/tm.aspx?m=126175

Alivo

livo

scerazy · ‎04-24-2019

Well, not really, over there there is Collector mention & I use DC Agent in DC mode installed directly on DCs

Alivo__FTNT · ‎04-25-2019

Hello,

Do you use FortiAuthenticator?

If not then you have to have Collector Agent(s) In DC Agent mode which communicates to FortiGate while DC Agent communicates to Collector Agent(s) .

livo

scerazy · ‎04-25-2019

No, I do not use FortiAuthenticator

I do have two DC Agents DCAgent_Setup_5.0.0276_x64.msi that communicate with Fortigate

Yes, like in the picture!

But I do NOT have [HKEY_LOCAL_MACHINE\software\fortinet\fsae\collectoragent]

I have [HKEY_LOCAL_MACHINE\software\fortinet\fsae\dcagent]

Alivo__FTNT · ‎04-25-2019

Ok, DC Agents do not communicate with FortiGate, they communicate with Collector Agent(s) that send user info

to FortiGate. The previous image is the Collector Agent, this picture is DC Agent that can communicate only with above mentioned Collector Agent. The registry path is: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent

livo

scerazy · ‎04-25-2019

I have never ever seen the other screen

I have only seen Install DC Agent or Uninstall DC Agent GUIs

OK, I see the value DNSlookupinterval, which in fact is the GUI IP Address Change verify interval, so I reduced it to 5 & will see what happens

Seb