Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JonasV
New Contributor III

FortiClient EMS per user policy

Hello

 

We are using FortiClient EMS to manged + 7.000 FortiClient, only using the VPN function.

The EMS server uses our Microsoft Active Directory to pull in devices and their location in the AD.

Currently we are assigning policies to devices based on the device location in AD (OUs).

 

However I'de like to be able to assign policies to users / user-groups.

I've greated a new AD security group, and added my user as member.

I'm able to view the AD security group in FortiClient EMS, and I can assign my policy to it.

However I can't view my user as member of the group in EMS, and also my FortiClient still has the old policy assigned from it's current location.

I've made sure the policy has the highest priority under 'managed policies'.

 

Anyone been trying this out with success?

Kind regards
Kind regards
1 Solution
btan
Staff
Staff

Hi JonasV,


May I know your EMS version?

'However I can't view my user as member of the group in EMS'
-> Do you mean that when hover over the username in Endpoint pane, you see nothing just like the sample below:
jonas.PNG

In normal scenario, it should show user's group membership if EMS can read it correctly:
jonas2.png
If your scenario matches the first screenshot, kindly raise a TAC ticket to us for investigation.

Regards,
Bon

View solution in original post

4 REPLIES 4
Anthony_E
Community Manager
Community Manager

Hello Jonas,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Jean-Philippe_P
Moderator
Moderator

Hello JonasV,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

 

Thanks,

Jean-Philippe - Fortinet Community Team
btan
Staff
Staff

Hi JonasV,


May I know your EMS version?

'However I can't view my user as member of the group in EMS'
-> Do you mean that when hover over the username in Endpoint pane, you see nothing just like the sample below:
jonas.PNG

In normal scenario, it should show user's group membership if EMS can read it correctly:
jonas2.png
If your scenario matches the first screenshot, kindly raise a TAC ticket to us for investigation.

Regards,
Bon
JonasV
New Contributor III

Hi Bon

Thank you and sorry for my late reply. I did raise a TAC tricket and we identified issues with our SQL DB.

I am deploying a fresh EMS server and SQL DB, and will migrate licens and users to the new server as a solution. 

Kind regards
Kind regards
Top Kudoed Authors