Created on 03-25-2021 12:08 AM Edited on 11-23-2021 08:07 AM By Anonymous
Description
This article describes how to add applications to an exempt list in Terminal Server agent to ensure the application traffic does not use the user-allocated port range.
Solution
From FSSO version 5.0.0293 (version 5.0.0294 was released with FortiOS 6.4.3 and 6.2.6), Terminal Server Agents support the option of exempting specific applications from port allocation.
This can be done by adding a registry key and pointing it to the proper application names.
These should be the same name as the process that opens TCP/UDP sockets.
This can be checked via commands such as 'netstat'.
To add applications:
1) Shut down the TS Agent service (Win+R, services, scroll down to 'Fortinet SSO Terminal Server Agent', right-selection on the mouse, Stop).
2) Open registry (Win+R, regedit).
3) Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FSAE\TSAgent
4) Select an empty section and select New -> String Value.
5) Name it 'IgnoreAppList'.
6) Select the new entry, and select 'Modify'.
7) Add the executables to be ignored (atrium.exe for example, or firefox.exe; separated with a semicolon).
8) Start the service again (Win+R, services, scroll down to 'Fortinet SSO Terminal Server Agent', right-selection on the mouse, Start).
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.