Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: Feature Request: Identify users on mac,chrome ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Feature Request: Identify users on mac,chrome and windows to assign policies properly.
Every other content filter I have ever used Lets you install an agent on the client for the purposes of identifying to the content filter who the user is.
Content filters: Lightspeed systems, Securly, Go Guardian. You get the point.
Currently the only way fortinet does this is server side and it's windows only. You have to install software on the domain controller.
Our environment is mixed, we have windows,chromebooks, mac. This is pretty common now.
The solution is simple.
Eliminate FSSO ( its far overcomplex for its simple goal)
windows : create a simple .msi that reports the username at login to the fortigate
Mac: Create a dmg mac program that reports the username at login to the fortigate
Chromebook: Create a chrome extension that reports the username at login to the fortigate
Without this feature content filtering is pretty useless. If you can't identify users on most platforms and assign different policies
what is even the point of using your content filtering.
I have expressed this request multiple times to multiple people and nobody listens.
Fortinet Does not listen to customers. I got very political answers or just the run around.
Labels:
- Labels:
-
5.6
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you used the license FortiClient? That will get most of what your asking for the MACOSX device. ChromeOS might be a far fetch .
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I understand the forticlient would do this function. However, I'm not paying licensing for the client. I don't need any of the features of the client. Zero.
Fortinet has this big push to get their multi featured security client on everyone's machine.
They should make a thin client with just the identification piece for mac.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ask for a NFR ( new feature request ) , most of the others are using a proxy and it has basic context awareness to identified the end users ( OS type, version ,etc....)
I think your asking for something that can easily be achieved via a alternative solutions or via a add-on or 3rd parties network profiler.
Next, the bigger issues, is how are you going to enforce and delivery a end-point-agent for BYOD or "off the domain" devices?
Again, a webproxy that has endpoint context awareness is the smarter approach imho
Ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi mfahey,
I have a similar problem with an increase in the number of Chromebooks in the organisation. I can use explicit proxy to provide filtering but in order to use specific policies, and identify users, the users have to login. This isn't a smooth approach but might be a half-way-house for what you're after?
The problem with this is that the explicit proxy login page is only served over HTTP so all users' credentials are sent unencrypted. I've raised an NFR to get the login page moved to HTTPS but apparently no-one else has requested this feature. If you think it would be beneficial please contact your account manager and add your support to NFR 0467541.
The fact that a company produces a security product that allows credentials to be submitted in plain text astonishes me. Surely encrypting credentials is security 101?!
Jonathan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
EMNOC we did ask for a NFR. THey dont listen. BYOD devices use captive portal to authenticate.
Users need to login and be online. Not present with multiple logins to various things.
Jonathan, - Everyone I have spoke to has suggested work arounds like proxy and everything else instead of admitting that the content filtering piece lacks key functionality.
We gave up with fortinet and simply are using securly.com for filtering of chromebooks. IT works great and you can be up and running in minutes.
Bottom line is fortinet doesn't listen to its customers.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Mfahey,
I completely agree there's functionality missing, I'm just hoping there's some traction on my NFR. Thanks for the tip of Securly, I'll give that a look.
Jonathan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
my best bet would be to use a captive portal / identity-based policy for everone. A bit of a nuisance though but doable today.
Is the Device identification that bad in your environment, even with 'active scan' enabled?
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Device identification is terrible and does not work.
ede_pfau - realistically no we can't use captive portal. the requirement is login to the computer without mutliple logins to other things. Every other content filtering software has agents except fortinet.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,621 -
FortiClient
1,741 -
5.2
801 -
FortiManager
720 -
5.4
639 -
FortiAnalyzer
552 -
FortiSwitch
470 -
FortiAP
464 -
FortiClient EMS
421 -
6.0
416 -
5.6
362 -
FortiMail
315 -
6.2
251 -
SSL-VPN
236 -
FortiAuthenticator v5.5
234 -
Fortiweb
205 -
IPsec
203 -
5.0
196 -
FortiNAC
186 -
FortiGuard
139 -
6.4
128 -
SD-WAN
113 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
96 -
FortiAuthenticator
95 -
FortiToken
89 -
Customer Service
79 -
Firewall policy
78 -
Wireless Controller
77 -
4.0MR3
64 -
FortiProxy
59 -
High Availability
56 -
Fortivoice
53 -
FortiADC
53 -
FortiEDR
51 -
vlan
51 -
ZTNA
48 -
FortiExtender
45 -
FortiSandbox
44 -
Routing
44 -
FortiDNS
42 -
DNS
42 -
LDAP
41 -
BGP
40 -
Authentication
37 -
SAML
36 -
FortiGate v5.4
35 -
NAT
35 -
FortiSwitch v6.4
34 -
Certificate
34 -
RADIUS
32 -
SSO
31 -
Interface
31 -
FortiLink
29 -
FortiConnect
28 -
VDOM
28 -
FortiWAN
27 -
Web profile
26 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Automation
14 -
Static route
14 -
System settings
14 -
IP address management - IPAM
14 -
snmp
13 -
FortiCASB
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
FortiManager v4.0
10 -
IPS signature
10 -
Security profile
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
Proxy policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
Fortinet Engage Partner Program
6 -
FortiGate-VM
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
TACACS
2 -
Schedule
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1688 | |
| 1087 | |
| 752 | |
| 446 | |
| 227 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.