FSSO Flashcards
Which mode is recommended for FSSO deployments?
DC agent mode
Which naming conventions does the FSSO collector agent use to access the Windows AD in standard access mode?
- Windows convention: NetBIOS
- Domain\groups
Which FSSO mode requires more FortiGate system resources (CPU and RAM)?
Agentless polling mode
What are two servers that can be used with FSSO?
- AD
- Novell eDirectory
What are two polling modes used in FSSO?
- Collector agent-based
- Agentless
What are some things the collector agent is responsible for?
- Group verification
- Workstation checks
- Updates of login records on FortiGate
- Send security group and OU information to FortiGate
What is the most scalable agent mode in FSSO?
DC agent mode
What does the collector agent receive from the DC and forward to FortiGate?
- User name
- Host name
- IP address
- User group(s)
What are three methods for collector agent-based polling mode?
- WMI
- WinSecLog
- NetAPI
What is the recommended collector agent-based polling mode?
WMI
What is a drawback of using NetAPI as a polling mode?
It is faster, but can miss login events if the DC has a heavy system load
What is a drawback of using WinSecLog as a polling mode?
It is the slowest mode, but it does see all login events
How does the collector agent get user login events?
Polls the DC frequently
What are some cons of using agentless polling mode?
- More CPU and RAM required by FortiGate
- Fewer available features
- FortiGate doesn’t poll workstations
Is DC agent mode or polling mode more complex?
- DC agent mode
- Multiple installations required (one per DC)