FSSO polling mode - can’t see user logins

Author
Farroo
2019/06/23 11:29:15

Hi,
We have a situation where we have set up LDAP correctly and are able to browse the user directory, with all groups etc. showing as expected.
The problem we have seen is that any users logged in are not seen by the firewall.
There are no antivirus/firewall port blocks on the AD server, and an admin account is used for polling.
Firewall debug shows sent login info packet 1 and no login info received packets.
This is a 300E firewall in VDOM mode, unfortunately running 5.2.10, which we can't upgrade just on the sly as it does have other live customers, and Fortinet TAC is not helping as it's an outdated version.
Wondering if anyone else has come across this before and can share some pointers?
We think it's an issue on the AD server but do not have enough substance to prove it back to the end user.
Thanks.
#1


    xsilver_FTNT
    Re: FSSO polling mode - can’t see user logins 2019/06/24 01:55:37
    Hi Farroo,
    Unfortunately it's not clear, at least to me, what sort of authentication you are trying to do/have.
    Is it LDAP-based auth, or FSSO? If FSSO, then are you polling DC(s) directly from FortiGate or do you use a Collector Agent installed on one of the DCs (preferred option)?

    Kind Regards,
    Tomas
    #2
    Farroo
    Re: FSSO polling mode - can’t see user logins 2019/06/24 12:56:20
    Sorry xsilver, I thought I mentioned FSSO..
    Polling mode on FortiGate and no agent on DC - we have a number of other customers with exactly the same setup, just having issues with this one and unable to prove it's an issue with AD.
    We have set up the LDAP server on FortiGate, then FSSO using that server; we are able to browse the AD server and can see groups, users etc., but are not seeing any user logins.
    The account on AD is admin and it can read user login events.
    Don’t know where else to look...
    #3
    Alivo_ FTNT
    • Location: Fortinet TAC Prague
    Re: FSSO polling mode - can’t see user logins 2019/06/26 02:19:56
    Hello Farroo,
    First, about the 5.2.10
    ("This is a 300E firewall in VDOM mode, unfortunately running 5.2.10, which we can't upgrade just on the sly as it does have other live customers, and Fortinet TAC is not helping as it's an outdated version.")
     
    FortiGate is a security device and its purpose is to protect. Old firmware versions that are not supported anymore can be (are) vulnerable to various vulnerabilities. An insecure security device loses its purpose. Firmware needs to be up to date.
     
    To the FSSO issue: which AD version does the customer have?
    Do you monitor the user groups whose users' logons are expected to be seen?
    Which Windows Security Logon Events are generated by user logons?
     
    Alivo
     
     
    #4