Description

Deploying direct polling mode FSSO to FortiGates using FortiManager requires a few steps which are normally automated when configured directly in FortiGate via the Web GUI. There is no explicit GUI option to configure FSSO-polling in FortiManager.

Solution

Follow the configuration steps via the FortiManager Web GUI in order to configure FSSO-Polling from FortiManager.
It might help to create the first FSSO-Polling agent on the FortiGate, retrieve the configuration in FortiManager, and check which subfields are populated by default and are required.
1. Under Device Manager > Devices & Groups > Managed FortiGates > FGTname > vdom (if enabled) > Menu > System > FSSO > Create New
2. FSSO Agent IP/Name: 127.0.0.1
3. Port: 8000
4. Password: Leave this field blank
5. LDAP Server: Select the LDAP Server
6. Under Device Manager > Devices & Groups > Managed FortiGates > FGTname > vdom (if enabled) > Menu > CLI-Only Objects > User > fsso-polling > right-click "No Records Found" > New
7. Create a new FSSO-Polling agent on the FortiGate
8. Make sure to configure user, password, ldap-server, and set status=enable
9. Click OK
10. Right-click the new config and return to the FSSO-Polling configuration
11. To create a group association, under adgrp > right-click "No Records Found" > New > type in the group's full object DN (for example: CN=group1, CN=Users, CN=domain, DC=com)
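
The following check is an added example, not Fortinet code: it reads a retrieved configuration in FortiOS CLI text form and reports which fsso-polling entries lack the fields from step 8 or the adgrp entry from step 11. The function names, the sample configuration and every name in it are constructed placeholders, and it assumes the retrieved text shows `status` explicitly.

```python
import shlex
REQUIRED = ("user", "password", "ldap-server")  # fields named in step 8

# Constructed sample config; every name and DN below is a placeholder.
SAMPLE = """\
config user fsso-polling
    edit 1
        set status enable
        set user "svc-fsso"
        set password ENC placeholder
        set ldap-server "corp-ldap"
        config adgrp
            edit "CN=group1,CN=Users,DC=example,DC=com"
            next
        end
    next
    edit 2
        set user "svc-fsso"
    next
end
"""

def parse_polling(config_text):
    """Return {entry_id: {"fields": {...}, "adgrp": [...]}} for user fsso-polling."""
    entries, path, current = {}, [], None
    for raw in config_text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))      # entering a (sub)table
        elif tok[0] == "end" and path:
            path.pop()                           # leaving it
        elif path[:1] == ["user fsso-polling"] and len(tok) > 1:
            if tok[0] == "edit" and len(path) == 1:
                current = entries.setdefault(tok[1], {"fields": {}, "adgrp": []})
            elif tok[0] == "edit" and path[-1] == "adgrp":
                current["adgrp"].append(tok[1])  # group DN from step 11
            elif tok[0] == "set" and len(path) == 1:
                current["fields"][tok[1]] = " ".join(tok[2:])
    return entries

def audit(config_text):
    """List what each polling entry is missing relative to steps 8 and 11."""
    findings = []
    for eid, e in parse_polling(config_text).items():
        findings += [(eid, f"missing {n}") for n in REQUIRED if not e["fields"].get(n)]
        if e["fields"].get("status") != "enable":
            findings.append((eid, "status is not enable"))
        if not e["adgrp"]:
            findings.append((eid, "no adgrp group DN"))
    return findings
```

Calling `audit()` on the text retrieved for a device returns an empty list when every polling entry is complete.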