FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Description This article explains potential issues when EMS and FSSO collector agent are installed on the same underlying server.
Solution FSSO collector agent is used for collecting and processing user login information for the purpose of authenticating users on the workstations. FortiClient 'Endpoint Management Server (FortiClient EMS) is a security management solution that enables scalable and centralized management of multiple endpoints (computers). In general, FortiClient EMS should be installed on a separate server. Install FortiClient EMS and the default services for the operating system on the server. D not install additional services on the same server as FortiClient EMS. It is recommended to install FSSO collector agent on another server. If the amount of available servers is limited, FSSO collector agent can be installed on a domain controller directly, along with the DC-Agent.
FSSO collector agent and EMS can overlap in functionalities as both can used by FortiOS for group polling and other information over port TCP/8000. FortiGate can receive the dynamic endpoint groups from EMS via the FSSO protocol, using the 'fortiems' FSSO agent type.
Possible issues can include: - FSSO collector agent DC-Agent timeouts. - Not possible to display show user List. - Not possible to connect to FSSO CA from FortiGate.
When testing the connection over telnet from the FortiGate, the connection shows as connected and closed, without any reply from the FSSO server. The correct reply from the FSSO Service looks like this:
exec telnet 10.0.0.10 8000 Trying 10.0.0.10... Connected to 10.0.0.10. Z▒ ▒▒ FSSO 5.0.0278_x,;w-sT▒JoK8=FSAE_SERVER_10001Connection closed by foreign host.
