FSSO with Fortigate
Hi Experts,
I want to use FSSO with my Fortigate and I want to use webfilters for my departments.
All is setup and working.
But something is really strange and I get a lot of emails from FORIGATE about AD AUTHENTICATION FAILED.
I Have one Webfilter, it blocks just one site the rest is open.
But why I get this errors ?
The responding security group has all my admins as members.
And when I login to the server with my admin, the internet is reachable and the blocked site is correct.
When all sites are allowed, why I get so much alerts from FORTIGATE ?
I want to use FSSO with my Fortigate and I want to use webfilters for my departments.
All is setup and working.
But something is really strange and I get a lot of emails from FORIGATE about AD AUTHENTICATION FAILED.
I Have one Webfilter, it blocks just one site the rest is open.
But why I get this errors ?
Message meets Alert condition
date=2015-05-06 time=13:44:16 devname=FORTI device_id=FGxx log_id=0106043013 type=event subtype=auth pri=notice vd="root" src=10.2.1.94 dst=212.73.221.199 proto=6 policyid=70 user="N/A" adgroup="N/A" ui="(10.2.1.94)" action=FSSO-auth status=failure reason="none" msg="AD group user failed in authentication" The responding security group has all my admins as members.
And when I login to the server with my admin, the internet is reachable and the blocked site is correct.
When all sites are allowed, why I get so much alerts from FORTIGATE ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Another issue is this reg key:
"Regedit", edit HKEY_LOCAL_MACHINE\SYSTEM\
On my workstation the permission is just Read. Write is not possible just Write Owner.
What can I change here and is it really necessarry ?
"Regedit", edit HKEY_LOCAL_MACHINE\SYSTEM\
On my workstation the permission is just Read. Write is not possible just Write Owner.
What can I change here and is it really necessarry ?
the debug commands are for FG. It should be fine running those two command since it is supposed to just show connectivity status unlike cases to collect very detailed running stats or sniffing log traffic packet that can take up to ard 10% addition of FG resources. But of course if the CPU of the FG is pretty high close to 100% suggest you do it later (otherwise it can drop more packets or sessions) but should still do it during "non-peak" office hours (like lunch time) as that is when still user are connecting or stay connected etc...
For the registry, as long as "Local Service" user account has Read should be good as per in the MS kb...
If Fortinet Server Authentication Extension (FSAE) is also used in DC which works closely with FSSO, do also check out this. The steps to check is rather similar..
http://itzecurity.blogspot.sg/2013/08/configuring-fsso-for-single-sign-on.html#!/2013/08/configuring-fsso-for-single-sign-on.html
For the registry, as long as "Local Service" user account has Read should be good as per in the MS kb...
If Fortinet Server Authentication Extension (FSAE) is also used in DC which works closely with FSSO, do also check out this. The steps to check is rather similar..
http://itzecurity.blogspot.sg/2013/08/configuring-fsso-for-single-sign-on.html#!/2013/08/configuring-fsso-for-single-sign-on.html
ASKER
Thanks for the link and I have done it like this.
ASKER
The debug commands also working on my fortigate, just some commands differ ea little bit.
thanks for sharing and if poss can share more on the "little' differences to benefit the community to learn from your experience too :)
ASKER
These test commands just for the FORTIGATE command line ?
Is it a problem to start them during the day ?