Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bartynp
New Contributor II

Created on ‎11-08-2023 05:12 AM

FortiEMS - ActiveDirectory Home Folders access/mount

There is a environment like below:

 

  1. AD located in the cloud
  2. EMS serwer located in the cloud
  3. On the edge of the cloud, there is a FG virtual machine
  4. In the branch, there is a FG and Fortiswitch
  5. There is a VPN IPSEC tunnel between the branch and the cloud (from FG located in the branch to FG Virtual Machine, located in the cloud)

Firewall rules contains ZTNA tags in the branch FG and in the cloud FG; checking the traffic which goes to the machines located in the cloud.

 

  1. user connects computer to the fortiswitch in the branch
  2. port in the fortiswitch is in the NAC mode
  3. in the beginning; this computer first goes to the "onboarding" vlan; after two or three minutes later; computer has acces to company sites.

Each user has own home folder which access path is declared in te user AD account setting. But there is a problem. How to mount user home folder if the EMS server needs a few minutes before it authenticates the machine? Is there any solution?  

Labels:
1141
0 Kudos
5 REPLIES 5
Stephen_G
Moderator
Moderator

Created on ‎11-11-2023 04:56 AM Edited on ‎11-11-2023 04:56 AM

Hello bartynp,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Stephen - Fortinet Community Team
1104
Stephen_G
Moderator
Moderator

Created on ‎11-13-2023 04:15 AM

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Stephen - Fortinet Community Team
1058
bartynp
New Contributor II
In response to Stephen_G

Created on ‎11-13-2023 01:30 PM

thx :)

1037
0 Kudos
azaria23
New Contributor

Created on ‎11-13-2023 04:23 AM

If it is anything like the FortiSSO agent, it needs the privileges to run on a server with system context (domain controller probably) and / or just AD User read for AD (e.g. it just needs to talk to AD from a client machine).

https://showbox.bio https://tutuapp.uno/
https://showbox.bio https://tutuapp.uno/
1055
bartynp
New Contributor II

Created on ‎11-13-2023 01:36 PM Edited on ‎11-13-2023 01:37 PM

it talks; but when there is "onboarding" process (NAC port i fortswitch, vlan changing); it takes time; user logs into the system (using cached credentials) before the windows can talk to the AD or wait until the computer connects to the network. There is no chance to talk to any system before; there is no connection during "onboarding process".

1036
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.