01-02-2020 09:45:48 [0000112c] session ID:5, username: xxxxx, domain: fortinetSuccessfully allocated Src port log (the allocated port has to be within the allocated range) for the customer traffic.
01-02-2020 09:45:48 [0000112c] session ID:5 has added to session table
01-02-2020 45:48 [0000112c] succeeded to allocate port range 2224-2423 for session 5
CDriver allocate port 2224 for request 10440 of session 5 protocol 6, time:15Port range for request.
Session 5 <----- The user session ID.
Port 2224 <----- In the range of allocated port range.
Allocate port <----- TS agent is successfully allocated the port for request.
Cdriver failed to allocate port for request 10410 of session 5 protocol 6, time:0Verify the login details on the FortiGate.
Session 5 <----- The user session ID.
Port <----- No port available in the port range for session 5.
# diag firewall auth list | grep -i michael -A 7For TS-Agent, the source port is important and it is necessary to verify from which source port the traffic was sent. This can be done by a packet capture on the FortiGate.
10.0.53.7, Michael
type: fsso_citrix, id: 4, duration: 63444, idled: 63444
server: Fortinet_FSSO_Access_List
packets: in 0 out 0, bytes: in 0 out 0
group_id: 8
group_name: Fortinet_FSSO_All_Users
port_range: (2224-2423)
# diagnose sniffer packet any 'host <web server IP>' 4Note: In case of explicit proxy the webserver IP will not help on the sniffer to show the terminal servers source port. Use a more broad filter for the terminal server instead.
# diagnose sniffer packet any 'host <terminal server IP>' 4Verify the sessions list for user’s session.
# diagnose sys session filter dst <webserver ip>If src_port is different than the allocated port range in the packet capture and session list, the TS-Agent log needs to be checked along with which process uses that specific source port range that is assigned to the user.
# diagnose sys session list
Scr_ip: 10.5.10.24
Src_port: 50777 <-----
Dst_ip: 185.48.81.79
Dst_port: 80
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.