Skip to main content
mfahey
mfahey
New Member
March 16, 2018
Question

Feature Request: Identify users on mac,chrome and windows to assign policies properly.

  • March 16, 2018
  • 2 replies
  • 24768 views

Every other content filter I have ever used Lets you install an agent on the client for the purposes of identifying to the content filter who the user is.

 

Content filters: Lightspeed systems, Securly, Go Guardian. You get the point.

 

Currently the only way fortinet does this is server side and it's windows only. You have to install software on the domain controller.

 

Our environment is mixed, we have windows,chromebooks, mac. This is pretty common now.

 

The solution is simple.

Eliminate FSSO ( its far overcomplex for its simple goal)

windows :  create a simple .msi that reports the username at login to the fortigate 

Mac: Create a dmg mac program that reports the username at login to the fortigate

Chromebook: Create a chrome extension that reports the username at login to the fortigate

 

Without this feature content filtering is pretty useless. If you can't identify users on most platforms and assign different policies

what is even the point of using your content filtering.

 

I have expressed this request multiple times to multiple people and nobody listens. 

 

Fortinet Does not listen to customers. I got very political answers or just the run around.

 

 

 

 

2 replies

emnoc
emnoc
New Member
March 16, 2018

Could  you used the license FortiClient? That will get most of what your asking for the MACOSX device. ChromeOS might be a far fetch .

mfahey
mfaheyAuthor
New Member
March 16, 2018

I understand the forticlient would do this function. However, I'm not paying licensing for the client. I don't need any of the features of the client. Zero. 

Fortinet has this big push to get their multi featured security client on everyone's machine. 

They should make a thin client with just the identification piece for mac.

emnoc
emnoc
New Member
March 16, 2018

Ask for a NFR ( new feature request ) , most of the others are  using a proxy and it has basic context awareness to identified the end users ( OS  type, version ,etc....)

 

 

I think your asking for something that can easily be achieved via a alternative solutions or via a  add-on or 3rd parties network profiler.

 

Next, the bigger issues, is how are you  going to enforce and delivery a end-point-agent  for  BYOD or "off the domain" devices?

 

Again, a webproxy that has endpoint context awareness is the smarter approach imho

 

Ken

 

mfahey
mfaheyAuthor
New Member
November 7, 2025

7 years later and still FSSO Agent still only really works with Windows clients only. 

Terms & ConditionsAccessibility statement