Refer to the exhibit, which shows a partial output of the fssod daemon real-time debug command. What two conclusions can you draw from the output? (Choose two.)
A. FSSO is using agentless polling mode to detect logon events.
B. The workstation with IP 10.124.2.90 will be polled frequently using TCP port 445 to see if the user is still logged on.
C. The logon event can be seen on the collector agent installed on Windows.
D. FSSO is using DC agent mode to detect logon events.
Correct answer is AB.
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-FSSO-agentless-polling/ta-p/214349
From the snippet we can see that FortiGate (via the fssod daemon) is directly detecting the user logon rather than relying on a separate “collector” or “DC agent.” This indicates agentless polling—FortiGate polls the DC’s event logs over TCP 445 to discover logons. So:
- FSSO is using agentless polling mode to detect logon events (Choice A).
- In agentless mode, FortiGate will periodically poll the same IP (the DC) on port 445 to see if the user is still logged on (Choice B).
Choices C and D imply that a collector/DC agent is installed on the domain controller (which is not the case in agentless polling), so they do not apply.
AB are correct; this output corresponds with agentless polling mode, in which FortiGate polls all workstations on port 445 to verify if the user is still logged in.
Ic3Box
1 month ago
PabloSL
3 months, 4 weeks ago