Identity & Access Management

Expand all | Collapse all


  • 1.  FSSO

    Posted 7 days ago

    in large network there are many branch FGTs, different models from low to high end models. Users use AD and FSSO and the collector sends all active users to all FGTs. Is there any limit? Or do you know any optimization methods how to protect low end FGTs? If there are many users in the organization, the low end devices can be "overwhelmed" by the number of information they receive. Any idea how to deal with it?

  • 2.  RE: FSSO

    Posted 7 days ago

    You can use "Global pre-filter" of the FortiGate filtering to limit groups to specific subset of groups that are needed.   Only groups in the pre-filter will be included in the SSO session on the FAC.  The groups in the SSO session can be further limited on a per-FortiGate basis by configuring a FortiGate filtering object for each individual FortiGate.

  • 3.  RE: FSSO

    Posted 6 days ago
    This is what I was looking for! Many thanks David