Created on 09-17-2010 06:57 AM Edited on 05-26-2022 11:29 AM By Anonymous
Description
This article explains what FSAE checks for on the Domain Controller and what the polling rate is.
Scope
FortiOS 4.0
FSAE build 58
Solution
Having an FSAE agent installed on every domain controller ensures the maximum accuracy for detecting user logons. However, some users do not want third-party software installed on their domain controllers.
Unlike other user authentication services (for example, Novell eDirectory), Windows Active Directory does not keep user logon session information in its database. This means that a normal LDAP query to Windows AD asking "list all the currently logged on users" will not work.
Instead, when a user logs on to the domain, a temporary session is created on the domain controller, and this session is not kept for more than 15 seconds.
Domain Controller polling looks for such sessions and polls the Domain Controller frequently in order to get user logon information indirectly.
The controller agent must be able to complete polling of all polled devices within 10 seconds. For this reason, using polling mode may not work for larger deployments or deployments which are geographically diverse.
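The timing constraint above can be checked against measured poll times before choosing polling mode. The following is an added example, not Fortinet code: it assumes domain controllers are polled one after another and that each session list is captured when its poll returns, and the DC names, poll times and logon times are constructed sample data.

```python
import math

SESSION_LIFETIME_S = 15.0  # article: logon session kept no more than 15 seconds
CYCLE_BUDGET_S = 10.0      # article: all polled DCs must be covered within 10 seconds


def plan_cycle(poll_seconds):
    """Model one polling cycle.

    poll_seconds maps DC name -> seconds one poll of that DC takes.
    Assumption: DCs are polled one after another, and each DC's session
    list is captured at the moment its poll returns.
    Returns (cycle_length, within_budget, sample_offset_per_dc).
    """
    offsets, elapsed = {}, 0.0
    for dc, seconds in poll_seconds.items():
        elapsed += seconds
        offsets[dc] = elapsed
    return elapsed, elapsed <= CYCLE_BUDGET_S, offsets


def missed_logons(poll_seconds, logons, lifetime=SESSION_LIFETIME_S):
    """Return users whose session expired before their DC was sampled.

    logons is a list of (user, dc, logon_time_in_seconds).
    """
    cycle, _, offsets = plan_cycle(poll_seconds)
    missed = []
    for user, dc, t0 in logons:
        # Index of the first sample of this DC at or after the logon time.
        k = max(0, math.ceil((t0 - offsets[dc]) / cycle))
        if offsets[dc] + k * cycle >= t0 + lifetime:
            missed.append(user)
    return missed


# Constructed sample data: hypothetical DC names, poll times and logons.
LAN = {"dc-hq-1": 0.5, "dc-apac-1": 0.5, "dc-emea-1": 1.0}
WAN = {"dc-hq-1": 0.5, "dc-apac-1": 9.0, "dc-emea-1": 8.5}
LOGONS = [("alice", "dc-hq-1", 1.0), ("bob", "dc-apac-1", 3.0),
          ("carol", "dc-emea-1", 20.0)]

if __name__ == "__main__":
    for name, site in (("LAN", LAN), ("WAN", WAN)):
        cycle, ok, _ = plan_cycle(site)
        print(f"{name}: cycle={cycle:.1f}s within_budget={ok} "
              f"missed={missed_logons(site, LOGONS)}")
```

With the constructed WAN poll times the cycle takes 18 seconds, longer than the 15-second session lifetime, so some logons are never observed and those users would not be identified.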