Solved

Users are not getting internet

Posted on 2015-02-23
3
47 Views
Last Modified: 2016-06-01
I have created two different domain as member domain servers in different networks and with different network firewall. We are facing issues that most of the users are not getting authenticated on Fortigate single sign on agent which is installed on both DCs. and thats why they are not getting internet. As we stop the connectivity or tunnel link between these networks, users can access internet.

I have two networks and i have two domains with server  2003 and another with 2012 R2 server. We are using Fortigte 100D firewall.

-Abhijit
For Infrasoft Technologies.
0
Comment
Question by:syinfra
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40625838
As you have stated this is something very specific with your Fortinet appliance. I am not sure how much assistance you will get here unless someone has experience with this SSO feature as well.

I would suggest checking the Logs on the DC's and also the Fortinet box as well to see what is being blocked.

I would also recommend using something like Wireshark to see the packet captures for a workstation when the SSO is enabled.

Will.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40626251
I have 100D. Could you share the Fortigate config ? I can have a look what is denying access to internet.
0
 

Author Comment

by:syinfra
ID: 40635559
I have configured deny rules on both sides of network firewall, not to logon on remote Domain server. Only logon to local domain server. users who are facing issues regarding internet, they are logging on to remote domain server. i.e. user from 172.25.X.X subnet is logged on to 172.21.X.X domain server.
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question