Configuring FSSO Advanced Settings

Configuring FSSO Advanced Settings

Depending on your network topologies and requirement, you may need to configure advanced settings in the FSSO Colloctor agent.To do so, from the Start menu, select Programs > Fortinet > Fortinet Single Sign-On Agent > Configure Fortinet Single Sign-On Agent, then from the Common Tasks section, select Advanced Settings.


This section include :

  • General Settings
  • Citrix/Terminal Server
  • Exchange Server
  • RADIUS Accounting


General Settings

In the General tab, enter the following information and select OK.

Worker thread count             Number of threads started in the CA process. Default is128 on CA version 5.0.0241.

Maximum FortiGate con- nections

Number of FortiGates can be connected to the CA. Default is 64.

Group look-up interval         The interval in seconds to lookup users/groups. If an AD group membership of cur- rently logged on user, CA can detect this and update information on the FortiGate. Enter 0 for no checking.

Windows security Event logs

Choose the event logs to poll.

Event IDs to poll                    0:Default set, it includes Kerberos authentication event logs : 672 for Windows server 2003, 4768 for Windows server 2008 and 2012 and NTLM authentication event logs : 680 for Windows server 2003, 4776 for Windows server 2008 and 2012. 1: Extended set, it includes Kerberos service ticket event logs : 673 for Windows server 2003, 4769 for Windows server 2008 and 2012. Service tickets are obtained whenever a user or computer accesses a server on the network.

List the event ids separated by “;”.

Workstation Check                Optianally enable Use WMI to check user logoff for the collector agent to query whether users is still logged on.

Workstation Name Res- olution Advance Options

Alternative DNS server


Collector Agent uses the DNS server configured on the machine it is running on by default. If CA should use another DNS server then one or more alternative DNS server can be configured here.

Alternative work- station suffix(es)

If only host name is available CA uses the default domain suffix to build a FQDN for

DNS queries. In case CA should use a different suffix, it can be configured as well.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.