Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)

A. FortiGate uses the AD server as the collector agent.
B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
C. FortiGate does not support workstation check.
D. FortiGate directs the collector agent to use a remote LDAP server.

Answer: B,C

Explanation:

You can deploy FSSO without installing an agent. In this mode, FortiGate polls the DCs directly instead of receiving logon information indirectly from a collector agent.

Because FortiGate collects all of the data itself, agentless polling mode requires greater system resources, and it doesn’t scale as easily.

Agentless polling mode operates in a similar way to WinSecLog, but with only two event IDs: 4768 and 4769. Because there’s no collector agent, FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

FortiGate acts as a collector. It’s responsible for polling on top of its normal FSSO tasks, but it does not have all the extra features, such as workstation checks, that are available with the external collector agent.

Reference:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-FSSO-agentless-polling/ta-p/214349
