Configuring FSSO Advanced Settings
Depending on your network topologies and requirement, you may need to configure advanced settings in the FSSO Colloctor agent.To do so, from the Start menu, select Programs > Fortinet > Fortinet Single Sign-On Agent > Configure Fortinet Single Sign-On Agent, then from the Common Tasks section, select Advanced Settings.
This section include :
- General Settings
- Citrix/Terminal Server
- Exchange Server
- RADIUS Accounting
In the General tab, enter the following information and select OK.
Worker thread count Number of threads started in the CA process. Default is128 on CA version 5.0.0241.
Maximum FortiGate con- nections
Number of FortiGates can be connected to the CA. Default is 64.
Group look-up interval The interval in seconds to lookup users/groups. If an AD group membership of cur- rently logged on user, CA can detect this and update information on the FortiGate. Enter 0 for no checking.
Windows security Event logs
Choose the event logs to poll.
Event IDs to poll 0:Default set, it includes Kerberos authentication event logs : 672 for Windows server 2003, 4768 for Windows server 2008 and 2012 and NTLM authentication event logs : 680 for Windows server 2003, 4776 for Windows server 2008 and 2012. 1: Extended set, it includes Kerberos service ticket event logs : 673 for Windows server 2003, 4769 for Windows server 2008 and 2012. Service tickets are obtained whenever a user or computer accesses a server on the network.
List the event ids separated by “;”.
Workstation Check Optianally enable Use WMI to check user logoff for the collector agent to query whether users is still logged on.
Workstation Name Res- olution Advance Options
Alternative DNS server
Collector Agent uses the DNS server configured on the machine it is running on by default. If CA should use another DNS server then one or more alternative DNS server can be configured here.
Alternative work- station suffix(es)
If only host name is available CA uses the default domain suffix to build a FQDN for
DNS queries. In case CA should use a different suffix, it can be configured as well.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!