Authentication Fortinet Single Sign-On (FSSO) in MACOS HIGH SIERRA

Author
suporte.dohler
2020/08/11 11:24:55 (permalink)

I have an issue with the authentication with AD, FORTIGATE and MACOS HIGH SIERRA. I can't surf the internet. I need help to resolve this problem.
 

#1


    maiconp340
    Re: Authentication Fortinet Single Sign-On (FSSO) in MACOS HIGH SIERRA 2020/08/12 04:58:05 (permalink)
    Hello, I think you have a certificate inspection issue. Try bypassing that URL from SSL Inspection.
    Check in Monitor > Firewall User Monitor whether that user is authenticated; if it is there, then your authentication with AD is working.
    #2
    suporte.dohler
    Re: Authentication Fortinet Single Sign-On (FSSO) in MACOS HIGH SIERRA 2020/08/12 05:20:04 (permalink)
    The user is not there.

    What is happening is that after login the Mac shows a window for me, where it asks for the user and password of my firewall, and after filling it out it shows a connection error with the firewall.
     
    #3
    maiconp340
    Re: Authentication Fortinet Single Sign-On (FSSO) in MACOS HIGH SIERRA 2020/08/12 05:53:13 (permalink)
    Check whether "Redirect HTTP Port" to HTTPS is enabled in System > Settings; if yes, please disable it and try again.
     
    #4
    suporte.dohler
    Re: Authentication Fortinet Single Sign-On (FSSO) in MACOS HIGH SIERRA 2020/08/12 07:57:13 (permalink)
    The user is connected in NTLM, but not in FSSO, where I can't surf the internet.
    #5
    suporte.dohler
    Re: Authentication Fortinet Single Sign-On (FSSO) in MACOS HIGH SIERRA 2020/08/13 11:31:04 (permalink)
    I can't surf the internet, but macOS is connected.
    post edited by suporte.dohler - 2020/08/13 12:40:24

    #6
    xsilver
    Re: Authentication Fortinet Single Sign-On (FSSO) in MACOS HIGH SIERRA 2020/09/11 00:24:45 (permalink)
    Hi,
     
    Your initial screenshot points more towards SSL cert issues, probably due to deep inspection.
    If you resolved that and your Mac is inside the domain, but your AD logon is not seen in FSSO on the FGT, like in 'diag debug auth fsso list', or in the firewall (this part is checked in policies) 'diag fire auth list',
    then it might be caused by the FGT not knowing about your user from FSSO.
    Check if you do have a connected Collector agent via:
    diag debug en
    diag debug authd fsso server-status
     
    Also, the standalone collector is able to set which logon events it is processing, as during logon to a domain there is a whole lot of events, like 15, and for FSSO just one or two of those are useful.
    In the past I have seen that macOS computers generated 4624 EventId types during their authentication to the domain.
    Therefore make sure your standalone collector has Advanced Settings > General > Windows Security Event Logs > Event IDs to poll = "2".
     
    If you do not have a standalone collector, the usual and cheapest way, then maybe let us know more details about your setup.
     

    Kind Regards,
    Tomas
    #7