Fortinet Document Library

Version:


Table of Contents

6.0.0
Download PDF
Copy Link

Summary of FortiOS and FSSO scenarios

Following is a summary of the scenarios described in this section:

Scenario

Advantage

Disadvantage

FortiOS with built-in FSSO polling

  • Simple configuration
  • No need to install FSSO CA on third party host
  • Limited number of monitored DCs
  • No user logout monitor

FortiOS and FortiAuthenticator

  • FSSO CA machine uses own resources
  • Supports TS, syslog sources, RADIUS accounting, multiple domain environments, FortiClient mobile
  • NTLM is supported, but only for one domain.
  • Citrix support requires TS agent to be installed

FortiOS and FSSO CA

  • FSSO CA machine uses own resources
  • Supports TS, Citrix, RADIUS accounting, NTLM, multiple domain environments

Possible delayed logoff detection

note icon

Some FSSO methods are less accurate than others, which is an inherent limitation of the method used to authenticate users. It's unrelated to how Fortinet implemented any of the methods.

Summary of FortiOS and FSSO scenarios

Following is a summary of the scenarios described in this section:

Scenario

Advantage

Disadvantage

FortiOS with built-in FSSO polling

  • Simple configuration
  • No need to install FSSO CA on third party host
  • Limited number of monitored DCs
  • No user logout monitor

FortiOS and FortiAuthenticator

  • FSSO CA machine uses own resources
  • Supports TS, syslog sources, RADIUS accounting, multiple domain environments, FortiClient mobile
  • NTLM is supported, but only for one domain.
  • Citrix support requires TS agent to be installed

FortiOS and FSSO CA

  • FSSO CA machine uses own resources
  • Supports TS, Citrix, RADIUS accounting, NTLM, multiple domain environments

Possible delayed logoff detection

note icon

Some FSSO methods are less accurate than others, which is an inherent limitation of the method used to authenticate users. It's unrelated to how Fortinet implemented any of the methods.