- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Feature Request: Identify users on mac,chrome and ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Feature Request: Identify users on mac,chrome and windows to assign policies properly.
Every other content filter I have ever used Lets you install an agent on the client for the purposes of identifying to the content filter who the user is.
Content filters: Lightspeed systems, Securly, Go Guardian. You get the point.
Currently the only way fortinet does this is server side and it's windows only. You have to install software on the domain controller.
Our environment is mixed, we have windows,chromebooks, mac. This is pretty common now.
The solution is simple.
Eliminate FSSO ( its far overcomplex for its simple goal)
windows : create a simple .msi that reports the username at login to the fortigate
Mac: Create a dmg mac program that reports the username at login to the fortigate
Chromebook: Create a chrome extension that reports the username at login to the fortigate
Without this feature content filtering is pretty useless. If you can't identify users on most platforms and assign different policies
what is even the point of using your content filtering.
I have expressed this request multiple times to multiple people and nobody listens.
Fortinet Does not listen to customers. I got very political answers or just the run around.
Labels:
- Labels:
-
5.6
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you used the license FortiClient? That will get most of what your asking for the MACOSX device. ChromeOS might be a far fetch .
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I understand the forticlient would do this function. However, I'm not paying licensing for the client. I don't need any of the features of the client. Zero.
Fortinet has this big push to get their multi featured security client on everyone's machine.
They should make a thin client with just the identification piece for mac.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ask for a NFR ( new feature request ) , most of the others are using a proxy and it has basic context awareness to identified the end users ( OS type, version ,etc....)
I think your asking for something that can easily be achieved via a alternative solutions or via a add-on or 3rd parties network profiler.
Next, the bigger issues, is how are you going to enforce and delivery a end-point-agent for BYOD or "off the domain" devices?
Again, a webproxy that has endpoint context awareness is the smarter approach imho
Ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi mfahey,
I have a similar problem with an increase in the number of Chromebooks in the organisation. I can use explicit proxy to provide filtering but in order to use specific policies, and identify users, the users have to login. This isn't a smooth approach but might be a half-way-house for what you're after?
The problem with this is that the explicit proxy login page is only served over HTTP so all users' credentials are sent unencrypted. I've raised an NFR to get the login page moved to HTTPS but apparently no-one else has requested this feature. If you think it would be beneficial please contact your account manager and add your support to NFR 0467541.
The fact that a company produces a security product that allows credentials to be submitted in plain text astonishes me. Surely encrypting credentials is security 101?!
Jonathan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
EMNOC we did ask for a NFR. THey dont listen. BYOD devices use captive portal to authenticate.
Users need to login and be online. Not present with multiple logins to various things.
Jonathan, - Everyone I have spoke to has suggested work arounds like proxy and everything else instead of admitting that the content filtering piece lacks key functionality.
We gave up with fortinet and simply are using securly.com for filtering of chromebooks. IT works great and you can be up and running in minutes.
Bottom line is fortinet doesn't listen to its customers.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Mfahey,
I completely agree there's functionality missing, I'm just hoping there's some traction on my NFR. Thanks for the tip of Securly, I'll give that a look.
Jonathan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
my best bet would be to use a captive portal / identity-based policy for everone. A bit of a nuisance though but doable today.
Is the Device identification that bad in your environment, even with 'active scan' enabled?
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Device identification is terrible and does not work.
ede_pfau - realistically no we can't use captive portal. the requirement is login to the computer without mutliple logins to other things. Every other content filtering software has agents except fortinet.
Related Posts
- IPS and WAF security events are... 90 Views
- ZTNA not working. Help please. 61 Views
- Cisco Trunk port to Fortiswitch 383 Views
- FortiManager Import Configuration Address Object interface... 51 Views
- Moving away from Software Switches -... 158 Views
Labels
-
FortiGate
6,461 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
55 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
High Availability
21 -
FortiConverter
21 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.