- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiClient receiving wrong profile
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiClient receiving wrong profile
I' m running 5.2 on a 90D, and seem to be having trouble getting the right profile applied to the FortiClients.
I have multiple profiles, assigned to machines by group. Looking in the FortiClient monitor, I can see machines which are in a group that should be assigned to a profile which are using the default profile.
I can' t see any way to debug these though, either in the CLI or the web interface
The only thing I can see that' s different is some are registered - On-Net, and some are Off-Net (though they' re all online, so I' m not sure what the difference is).
Anyone got any advice.
Thanks
Tom.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Known bug apparently. So that' s OK then...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi TomS,
I have the same issue here. I'm using FSSO and FSSO is working perfectly. But I would like to assign different profile to different groups and I have an issue... All users are still using the default profile.. They are never switched to the correct profile..
Did you find any info in order to debug ?
Record #38:
IP_Address = 172.16.40.130(38)
VDOM = root
Registration status: Forticlient registered
Online status: offline
FCC connection handle: 3982
FortiClient version: 5.0.10
AVDB version: 26.199
FortiClient app signature version: 6.656
FortiClient vulnerability scan engine version: 1.380
FortiClient feature version status: 0
FortiClient config dirty: 0:1:1
FortiClient KA interval dirty: 0
FortiClient Full KA interval dirty: 0
FortiClient server config: 2229b7b211a25d890de979fb8eb5c150::
FortiClient config: 2229b7b211a25d890de979fb8eb5c150
FortiClient iOS server mconf:
FortiClient iOS mconf:
FortiClient iOS server ipsec_vpn mconf:
FortiClient iOS ipsec_vpn mconf:
Endpoint Profile: default
Reg record pos: 37
Auth_AD_groups: Utilisa. du domaine+Proxy-Utilisateur+CERTSVC_DCOM_ACCESS+Utilisateurs
Auth_group:
Auth_user:
OS_Version: Microsoft Windows 7 , 64-bit Service Pack 1 (build 7601)
Host_Description: ThinkCentre M93 - Win7 x64 - Toto
Domain: xxxx
Last_Login_User: Toto
Host_Model:
Host_Manufacturer: LENOVO
CPU_Model: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Memory_Size: 4096
Installed features: 55
Enabled features: 17
But the user Toto should be on the group "Proxy" :
edit "FSSO-PROXY-VPNIPSEC"
set group-type fsso-service
set member "CN=Proxy-VPNIPSEC,CN=Builtin,DC=domain,DC=fr"
next
FW1 # diagnose test authserver ldap LDAP-DOMAIN Toto password
authenticate 'Toto' against 'LDAP-DOMAIN' succeeded!
Group membership(s) - CN=Proxy-VPNIPSEC,CN=Builtin,DC=domain,DC=fr
CN=Proxy-Utilisateur,CN=Builtin,DC=domain,DC=fr
CN=Utilisa. du domaine,CN=Users,DC=domain,DC=fr
Thanks and Best Regards,
Nick
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was told the issue was fixed in the 5.2 release a few months after I posted.
It's not, as far as I can see.
I have mostly worked around it by adding a profile for machines and a profile for users that do the same job (users mostly stick to a single machine here). One or other of the profiles normally picks them up, the default is right for about 75% of users anyway. Occasionally a machine will drop right out the bottom and end up with no config at all, but a refresh normally sorts that out. I had to figure this out myself, they don't suggest anything useful if you contact support.
I've given up on Fortigate support for anything that's not mission critical. Even then the support is very slow and don't really do anything except tell you to wait for the next release, which may or may not fix it. And they can't tell you when it will be. Oh, and they'll give you a bug number you can't look up. and which won't appear in the release notes.
Related Posts
- About Restoring the FortiClient Backup Configuration... 105 Views
- ZTNA not working. Help please. 276 Views
- FortiClient IPSec VPN keeps connecting to... 152 Views
- Forticlient Vpn only - impossible to... 464 Views
- Fortclient VPN Client Linux - IPSEC... 377 Views
Labels
-
FortiGate
6,524 -
FortiClient
1,301 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
241 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
83 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.