Skip to main content
menatwork
menatwork
Visitor III
November 23, 2022
Question

FortiClient Forticlient EMS 7.0.7 -- logged in via userverification: Disconnected after restart

  • November 23, 2022
  • 4 replies
  • 2867 views

Hi folks,

I have an EMS Server running @ DMZ facing to the internet (and is reachable via the internet)

It is NO member of a domain (stand-alone)

But AD-Sync is activated and working

 

As I don't want rogue clients to register with my EMS I activated "Enforce invitation-only registration" and setted up a bulk-invitation with AD (domain) credentials to be asked for.

 

If I install the Forticlient at a client and give the invitation-key, the system asks me for the domainusercredentials. This works like a charm.

 

But I noticed that, if another user uses the same device, the forticlient is not automatically connected to the EMS server. The newly logged in user would have to use the invitation code with his own AD creds to register at the EMS.

 

I think, this is the way "Enforce invitation only registration" is made for? So it is normal behaviour?

 

What I would like to have is:

Install the Forticlient @ the client (we do this manually using the installer from the FortiEMS)

Put in the FQDN Servername of the EMS

Connect

Ready

 

and (most important) this registration should also be automatically up and running if another user logs into the same device.

 

Is this possible?

 

Man, I might have some kind of roadblock in my head. I just have to use no user authentification and only force the reg. via invitation code.

 

Only thing is, that all users get into the unverified users folder (of Forti EMS). But this makes sense also and as far as I noticed should not be a problem.

 

Thanks!

4 replies

Anthony_E
Staff
Anthony_E
Staff
November 26, 2022

Hello menatwork,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Best Regards
Anthony_E
Staff
Anthony_E
Staff
November 28, 2022

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Best Regards
menatwork
menatworkAuthor
Visitor III
November 29, 2022

hi and thanks. I already have got a ticket open till about june 2022.

I am more interested in whether some of you folks can replicate the behaviour?

Anthony_E
Staff
Anthony_E
Staff
November 29, 2022

Hello menatwork,

 

I see, I will find a FortiClient expert for you.

 

Regards.

Best Regards
btan
Staff & Editor
btan
Staff & Editor
November 29, 2022

Hi menatwork,


I personally have not tested this "Enforce User Verification" feature. 
I research internally and found a few threads discussing about this as well.

"If another user uses the same device, the forticlient is not automatically connected to the EMS server. The newly logged in user would have to use the invitation code with his own AD creds to register at the EMS."
This is indeed the current behavior for FCT & EMS 7.0.7.

Engineering Team is still actively evaluating how this feature should work with "Enforce invitation only registration", we do have other customers facing the same dilemma.

If you have a ticket opened, we can share more details regarding our Internal case #859000, #837859, #859364. 

 

Terms & ConditionsAccessibility statement