Hello there, Currently testing a Fortigate unit for possible use in
production soon.We have a scenario where we need to set URL filtering
based on LDAP group membership but the group membership changes
frequently. A user could be in and out of a grou...
Thanks for that - may work for us. If anyone from Fortinet is reading -
please implement client check on Forticlient for Mac! Would make life so
much easier.
Unfortunately client checking is only supported on Windows and we are
heavily mac on the client side, otherwise I'd use that. Host check with
Mac address might be the only option. Any other ideas?
I'm also trying to implement something like this so we can lock down the
Forticlient to authorized domain computers. All docs seem to mention
user certs. Anyone know if computer certificates can be used?
Hi Chris, Thanks for pointing me in the right direction - I found the
"Group lookup interval" setting in the Advanced Settings of the
Collector agent which was set to zero by default (no checking). Setting
this to a lowish value seems to do the trick...
Thanks for your reply. Am I correct in saying that the only way for the
Fortigate to receive updated LDAP group membership is by triggering a
logon event from the Mac? (whether that's by mapping a drive, logging on
or some other method.) Cheers
