Which method does FortiGate utilize for agentless FSSO polling mode?

FortiGate employs the SMB protocol for event log access in its agentless FSSO (Fortinet Single Sign-On) polling mode. This method allows FortiGate to directly query Windows servers for user logon events, which is essential for identifying user identities associated with active sessions. By using SMB, FortiGate can access the necessary event logs from a Windows domain controller or member server where the logs are stored, supporting the FSSO's functionality without needing a dedicated agent on each client machine.

This approach is beneficial for environments where deploying agents is impractical or undesirable, as it tightly integrates with the existing Windows infrastructure. The flexibility of agentless polling allows for monitoring user activity while reducing overhead and complexity often associated with managing numerous agents.