Solved

Users are not getting internet

Posted on 2015-02-23
3
45 Views
Last Modified: 2016-06-01
I have created two different domain as member domain servers in different networks and with different network firewall. We are facing issues that most of the users are not getting authenticated on Fortigate single sign on agent which is installed on both DCs. and thats why they are not getting internet. As we stop the connectivity or tunnel link between these networks, users can access internet.

I have two networks and i have two domains with server  2003 and another with 2012 R2 server. We are using Fortigte 100D firewall.

-Abhijit
For Infrasoft Technologies.
0
Comment
Question by:syinfra
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40625838
As you have stated this is something very specific with your Fortinet appliance. I am not sure how much assistance you will get here unless someone has experience with this SSO feature as well.

I would suggest checking the Logs on the DC's and also the Fortinet box as well to see what is being blocked.

I would also recommend using something like Wireshark to see the packet captures for a workstation when the SSO is enabled.

Will.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40626251
I have 100D. Could you share the Fortigate config ? I can have a look what is denying access to internet.
0
 

Author Comment

by:syinfra
ID: 40635559
I have configured deny rules on both sides of network firewall, not to logon on remote Domain server. Only logon to local domain server. users who are facing issues regarding internet, they are logging on to remote domain server. i.e. user from 172.25.X.X subnet is logged on to 172.21.X.X domain server.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question