Results 1 to 2 of 2

Thread: Single Sign On TS Agent causing websites to not load completely

  1. #1
    Junior Member
    Join Date
    Jan 2017

    Single Sign On TS Agent causing websites to not load completely

    Hello - When the Fortinet SSO Terminal Server Agent Service is running on a Windows TS end users are not able to load web pages correctly. The imgaes and CSS sheets do not load. This ture for websites that are also added under Security Profiles -> Web Filters -> Static URL Fliter - this service is enabled and I added in a wildcard exception here to allow and still these websites fail to load completely. Any ideas on how to configure the TSSO agent correctly? We use a FortiGate 300C Thank you!

  2. #2

    Thanks for reaching out! I have a few questions if you don't mind.
    1. What version of FortiOS are you running on your 300C?
    2. What version of the TS FSSO Agent are you running?
    3. Has this ever worked and it just suddenly stopped or is this a new deployment?

    Antonio from the main Fortinet forums answered some questions about this on a new deployment and this is what he had to say:
    1) install TS Agent service on each RDS server
    2) point TS Agents to your regular FSSO collectors
    3) set a range of system ephimeral ports from which user sessions will be allocated
    4) Under collector " show logons" log you' ll see those users as RDS_SERVERIP:TSAGENT_SESSIONID with a range of ports associated

    Essentially, if I' ve understood correctly each new user winsock it' s allocated from a fixed pool of ephimeral source tcp/udp ports that univocally identify user sessions..

    Beware of S.O. differences that I' ve encountered:

    - on Windows 2008 or above, system dynamic udp/tcp are allocated on range 49152-65535 (and controlled via netsh) so TS Agent detect a valid free range under 49150

    - on Windows 2003 range limt it' s not configured by default so you' ve to change it writing a key into the registry



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts