Eprs_Admin
asked on
Fortigate SSO Agent
Hi Experts,
I have installed FSSO on my Fortigate to monitor all logons on my DCs.
But always one user has problems ans sometimes no internet and I get a lot of Fortigate Log messages.
Can you help me with this error ?
On how many DC I have to install the FSSO Agent ?
I did on all but can this be a problem ?
Is it besster on one DC ?
I have installed FSSO on my Fortigate to monitor all logons on my DCs.
But always one user has problems ans sometimes no internet and I get a lot of Fortigate Log messages.
Can you help me with this error ?
On how many DC I have to install the FSSO Agent ?
I did on all but can this be a problem ?
Is it besster on one DC ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes the agents are in sync mode.
ASKER
I have checked the install and config guide for the FSSO, it is set ok.
To get some more information:
Thanks
Is it always the same user that has the problems and no internet or does that change?
Can you post some of the errors you see in the FortiGate-log?
Thanks
ASKER
Yes it is always the same user.
ASKER
with my user I get always this error, when I click test workstation in Fortigate :
cannot access regisrty keys:2
Can you help me with this ?
cannot access regisrty keys:2
Can you help me with this ?
ASKER
And another user gets always each this error log message:
Message meets Alert condition
date=2015-09-16 time=12:23:33 devname=WRWOHAB_DKG3_MASTE R device_id=FG200B3912611717 log_id=0022000003 type=traffic subtype=violation pri=warning status=deny vd="root" src=10.3.4.150 srcname=10.3.4.150 src_port=52123 dst=95.143.84.166 dstname=95.143.84.166 dst_country="Austria" src_country="Reserved" dst_port=443 service=443/udp proto=17 app_type=N/A duration=0 rule=79 policyid=79 identidx=79 sent=0 rcvd=0 shaper_drop_sent=0 shaper_drop_rcvd=0 perip_drop=0 shaper_sent_name="N/A" shaper_rcvd_name="N/A" perip_name="N/A" vpn="N/A" vpn_type=UNKNOWN(65535) vpn_tunnel="N/A" src_int="port14" dst_int="port16" SN=1229168014 app="N/A" app_cat="N/A" user="N/A" group="N/A" msg="N/A" carrier_ep="N/A" profilegroup="N/A" subapp="N/A" subappcat="N/A"
Message meets Alert condition
date=2015-09-16 time=12:23:33 devname=WRWOHAB_DKG3_MASTE
ASKER
I hope someone can help me, because I want to use FSSO for the whole company and department.
ASKER
Is it a problem ?