Forticlient, workstation policy verses user

Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

When the Fortigate 5.4.0 managed the FortiClient, I was able to apply the policies to users based on their AD group. With the changes in 5.4.1, it forced us to move to EMS and we lost a bit of functionality. The policies no longer apply to users in certain AD groups, they now apply to OU's that the workstation is in. This seems like a step backwards. We now have to change the way our enterprise does things with shared workstations since the policies no longer follow the user.

I now see in the manual that I can get my AD group membership functionality back if I also purchase FortiAuthenticator, but I don't understand why I need to purchase yet another product when I was promised all this functionality with my initial Fortigate purchase. This almost seems like a bait and switch tactic. I wouldn't be surprised if Fortinet gets sued over this one.

Anyhow, has anyone used EMS with the FortiAuthenticator and is it true that different policies can be applied by user AD group? If I have to go ask for funding to purchase this, I need to make 100% sure it will give us the functionality we need.

Denny

148

0 REPLIES 0

Top Kudoed Authors

User

Count

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Forticlient, workstation policy verses user

Nominate a Forum Post for Knowledge Article Creation