Fortinet NSE4 - Module 3 - Fortinet Single Sign-On (FSSO) | QUESTIONS AND WELL VERIFIED ANSWERS | ACTUAL EXAM 100%
DC Agent Mode
What is the recommended mode for FSSO?
DC Agent Mode is the most scalable mode and is the recommended mode for FSSO.
DC Agent Mode
DC agent mode requires:
One DC agent installed on each Windows DC
A collector agent which is another FSSO component.
DC Agent Mode
The collector agent is responsible for:
Group verification
Workstation checks
Updates of login records on FortiGate
Sending domain local security group, organizational units and global security group
information
DC Agent Mode
The DC agent is responsible for:
Monitoring user login events and forwarding them to the collector agents
Handling DNS lookups (by default).
DC Agent Mode Process
There are 4 steps:
1. User authenticates against the Windows DC
2. DC agent sees the login event and forwards it to the collector agent
3. The collector agent receives the event and forwards it to FortiGate
4. FortiGate knows the user based on their IP, username, host name and user group.
DC Agent Mode Process
On which port do the collector agent and FortiGate communicate? What is the
listening port for updates from DC agents? Can both of these ports be customized?
TCP 8000
TCP 8002
Yes, both ports are customizable.
Collector Agent-Based Polling Mode
In the collector agent-based polling mode, the collector agent must be installed on a
Windows Server.
No FSSO DC agent is required.
Collector Agent-Based Polling Mode
Every few seconds, the collector agent polls each DC for user login events. The
collector agent uses (ports):
SMB (TCP 445) by default
TCP 135, 139 and UDP 137 as fallbacks.
Collector Agent-Based Polling Mode
TRUE or FALSE - This mode requires a less complex installation, which reduces ongoing
maintenance.