Selecting Domain Controllers and working mode for monitoring
You can change which DC agents are monitored or change the working mode for logon event monitoring between DC agent mode and polling mode.
When polling mode is selected, it will poll port 445 of the domain controller every few seconds to see who is logged on.
1. From the Start menu select Programs > Fortinet > Fortinet Single Sign On Agent > Configure Fortinet Single Sign On Agent.
2. In the Common Tasks section, select Show Monitored DCs.
3. Select
Select DC to Monitor.
4. Choose the Working Mode.
• DC Agent mode — a Domain Controller agent monitors user logon events and passes the information to the Collector agent. This provides reliable user logon information, however you must install a DC agent on every domain controller in the domain.
• Polling mode — the Collector agent polls each domain controller for user logon information. Under heavy system load this might provide information less reliably. However installing a DC agent on each domain controller is not required in this mode.
You also need to choose the method used to retrieve logon information:
• Poll logon sessions using Windows NetAPI
• Check Windows Security Event Logs
For more information about these options, see
“Polling mode”.
5. In Domain controller monitored by this collector agent, select the collector agent that you installed.
6. Select OK. Select Close. Select Save & Close.