Created on 01-13-2015 01:03 PM Edited on 03-24-2022 11:02 AM By Anonymous
Description
When FSSO polling is configured on a FortiGate, hostname resolution may fail.
Reason:
FSSO daemon does not take the domain name from system DNS settings.
Impact:
When the domain name is not included in DNS queries, it can cause excessive requests to be sent.
Scope
Solution
Fortinet recommends configuring the "set default-domain" option when FSSO polling is used.
The default domain is a primary DNS suffix which is used in DNS name registration and DNS name resolution for domain computers.
It can be set by:
"set default-domain"
command under
"config user fsso-polling"
For example:
config user fsso-polling
edit 1
set server "10.10.20.2"
set ldap-server "LDAP1"
set default-domain "localdomain.local"
next
end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.