question

messelemramzi avatar image
0 Likes"
messelemramzi asked

cant find poll active directory server

problem2.jpgproblem1.jpgi was following a YouTube video about how to sett up a widows server with FortiGate sso and everything was going fine till I got to this step and I couldn't find the poll active directory server option please help in the photo mine is the dark one and as you can see I cant see that option

FortiGateSSOserver
problem1.jpg (153.2 KiB)
problem2.jpg (81.2 KiB)
10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tomcat Silver avatar image
0 Likes"
Tomcat Silver answered

Hi messelemramzi,

on problem1.jpg (black one) have a look to "External Connectors" .. yes, external as your FortiGate [FGT] is going to communicate witn non-Fortinet device like AD, and so those are connectors to external services.

1662444074738.png

(full underline is suggested standalone collector, - - - underline is direct polling from FGT)

FGT can talk to, and poll, AD directly. However should this be domain bigger than few people (max low tens of people), then I would suggest to use standalone FSSO Collector Agent installed on DC (alt. on any server class Domain Member Windows OS). And let user data collecting to be done on DC and reported to FGT, instead of having firewall doing that task and consume precious resources.

To get standalone Collector Agent (free-of-charge) simply navigate to support.fortinet.com and download it from under Firmware Downloads site and from under FortiOS/FSSO folder.

Standalone Collector Agent is more versatile, scalable, robust and so I'd suggest to use it for mid size and bigger (but even for/from SOHO size) companies.


Kind regards,
Tomas Stribrny


1662444074738.png (136.3 KiB)
10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tomcat Silver avatar image
0 Likes"
Tomcat Silver answered

Hi messelemramzi,

on problem1.jpg (black one) have a look to "External Connectors" .. yes, external as your FortiGate [FGT] is going to communicate with non-Fortinet device like AD, and so those are connectors to external services.

1662444245596.png

(full underline is suggested standalone collector, - - - underline is direct polling from FGT)

FGT can talk to, and poll, AD directly. However should this be domain bigger than few people (max low tens of people), then I would suggest to use standalone FSSO Collector Agent installed on DC (alt. on any server class Domain Member Windows OS). And let user data collecting to be done on DC and reported to FGT, instead of having firewall doing that task and consume precious resources.

To get standalone Collector Agent (free-of-charge) simply navigate to support.fortinet.com and download it from under Firmware Downloads site and from under FortiOS/FSSO folder.

Standalone Collector Agent is more versatile, scalable, robust and so I'd suggest to use it for mid size and bigger (but even for/from SOHO size) companies.

Kind regards,
Tomas Stribrny


1662444245596.png (136.3 KiB)
10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Welcome to FortiAnswers

FortiAnswers is the space dedicated to FortiSASE and FortiOS questions and suggestions.

  • Please review the Community guidelines
  • If you are a moderator, please refer to the Moderation guidelines
  • If something in the above guidelines is unclear, please post your question to the Community Feedback space or the Moderators' space