

Question 38 Discussion

You have configured the FortiGate device for FSSO. A user successfully logs in to Windows, but their access to the internet is denied. What should the administrator check first? (Choose one answer)

  • A. Whether the user is assigned to the correct AD group.
  • B. The FortiGate firewall policy settings for SSL decryption.
  • C. The FortiGate FSSO active users list for the user's IP address.
  • D. The Windows event viewer for failed login attempts.
Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments



Anonymous User 2026-01-27 04:45:33

Selected Answers: C


When a user successfully logs in to Windows but internet access is denied, the very first thing to verify in an FSSO deployment is whether FortiGate has learned and mapped the user to the correct IP address.

FSSO works by receiving login events from Active Directory and building a local table on FortiGate that maps:

  • Username
  • Source IP address
  • AD group membership

FortiGate then uses this table to match identity-based firewall policies.
If the user’s IP address is missing or incorrect, FortiGate cannot match the traffic to an identity policy, so traffic is denied—even though the Windows login succeeded.
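
The check behind answer C can be scripted. The following is an added example, not part of the original comment or any Fortinet tooling: it parses a constructed FSSO logon listing and reports whether a source IP has no mapping, is mapped to a different user, or is mapped with a group the policy does not reference. The listing's line layout, the `+` group separator, and all names and addresses are assumptions.

```python
import re

# Constructed sample in the style of FortiGate's FSSO logon listing
# (`diagnose debug authd fsso list`); the exact line layout is an assumption.
SAMPLE_FSSO_LIST = """\
----FSSO logons----
IP: 10.0.1.10  User: ALICE  Groups: CORP/INTERNET-USERS  Workstation: WS-ALICE
IP: 10.0.1.22  User: BOB  Groups: CORP/GUESTS  Workstation: WS-BOB
IP: 10.0.1.31  User: DAVE  Groups: CORP/INTERNET-USERS  Workstation: WS-CAROL
Total number of logons listed: 3, filtered: 0
----end of FSSO logons----
"""

LOGON_RE = re.compile(
    r"IP:\s*(?P<ip>\S+)\s+User:\s*(?P<user>\S+)\s+Groups:\s*(?P<groups>\S*)"
)


def parse_fsso_logons(text):
    """Return {ip: (user, set_of_groups)} built from the logon listing."""
    table = {}
    for line in text.splitlines():
        m = LOGON_RE.search(line)
        if m:
            # Assumption: multiple groups are joined with '+'.
            groups = {g.upper() for g in m["groups"].split("+") if g}
            table[m["ip"]] = (m["user"].upper(), groups)
    return table


def triage(table, src_ip, expected_user, policy_groups):
    """Say why traffic from src_ip would or would not match an identity policy."""
    entry = table.get(src_ip)
    if entry is None:
        return "no-mapping"      # FortiGate never learned this logon
    user, groups = entry
    if user != expected_user.upper():
        return "wrong-user"      # IP is mapped, but to someone else (stale entry)
    if not groups & {g.upper() for g in policy_groups}:
        return "group-mismatch"  # mapped, but no group referenced by the policy
    return "match"


if __name__ == "__main__":
    logons = parse_fsso_logons(SAMPLE_FSSO_LIST)
    for ip, user in [("10.0.1.10", "alice"), ("10.0.1.99", "carol"),
                     ("10.0.1.31", "carol"), ("10.0.1.22", "bob")]:
        print(ip, user, triage(logons, ip, user, ["CORP/INTERNET-USERS"]))
```
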