Fortinet Comprehensive Guide to Configuring FSAE with Solutions

Page 13


Using FSAE on your network

Configuring FSAE on Windows AD

4. Enter the following information and then select OK.

Default
    Select to create the default filter. The default filter applies to any FortiGate unit that does not have a specific filter defined in the list.

FortiGate Serial Number
    Enter the serial number of the FortiGate unit to which this filter applies. This field is not available if Default is selected.

Description
    Enter a description of this FortiGate unit’s role in your network. For example, you could list the resources accessed through this unit. This field is not available if Default is selected.

Monitor the following groups
    The collector agent sends the FortiGate unit user logon information for the Windows AD user groups in this list. You edit this list using the Add, Advanced and Remove buttons.

Add
    In the preceding single-line field, enter the Windows AD domain name and user group name in the format “Domain/Group” and then select Add. If you don’t know the exact name, use the Advanced button instead.

Advanced
    Select Advanced, select the user groups from the list, and then select Add.

Remove
    Remove the user groups selected in the monitor list.

Configuring TCP ports

Windows AD records when users log on but not when they log off. For best performance, FSAE monitors when users log off. To do this, FSAE needs read-only access to each client computer’s registry over TCP port 139 or 445. At least one of these ports should be open and not blocked by firewall policies.

If it is not feasible or acceptable to open TCP port 139 or 445, you can turn off FSAE logoff detection. To do this, set the collector agent Workstation verify interval to 0. FSAE then assumes that the logged-on computer remains logged on for the duration of the collector agent Dead entry timeout interval. By default this is eight hours. For more information about both interval settings, see “Timers” on page 11 in the “Configuring collector agent settings” section.
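Before relying on logoff detection, it is worth confirming from the collector agent host that each workstation actually answers on TCP 139 or 445; any host that answers on neither will keep its logon entry until the Dead entry timeout expires. The following Python check is an added example, not part of this technical note or of FSAE itself; the workstation addresses in it are constructed placeholders.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Ports the collector agent uses for read-only registry access to clients.
FSAE_REGISTRY_PORTS = (139, 445)


def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_logoff_detection(hosts, ports=FSAE_REGISTRY_PORTS, timeout=2.0):
    """Probe each workstation and report which registry ports answer.

    Returns {host: {"open": [ports that answered], "logoff_detection": bool}}.
    A host with no open port in `ports` cannot be polled for logoff events,
    so its logon entry would only age out with the Dead entry timeout.
    """
    def probe(host):
        open_ports = [p for p in ports if port_open(host, p, timeout)]
        return host, {"open": open_ports, "logoff_detection": bool(open_ports)}

    with ThreadPoolExecutor(max_workers=16) as pool:
        return dict(pool.map(probe, hosts))


if __name__ == "__main__":
    # Constructed sample list (TEST-NET addresses); replace with your workstations.
    sample_hosts = ["192.0.2.10", "192.0.2.11"]
    for host, result in check_logoff_detection(sample_hosts).items():
        if result["logoff_detection"]:
            status = "logoff detection possible on %s" % result["open"]
        else:
            status = "no registry access: entry lives until Dead entry timeout"
        print("%s: %s" % (host, status))
```

Run it on the collector agent host, since that is where the registry connections originate and where intervening firewall policies apply.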

Fortinet Server Authentication Extension Version 1.5 Technical Note

 

01-30005-0373-20071001

