
FortiDLP Agent Deployment Guide

Enrolling the FortiDLP Agent on macOS


After you generate an enrollment code/bundle and install the FortiDLP Agent on the device you want to monitor, you must enroll the Agent.

Caution

It is imperative that you protect access to enrollment codes/bundles, as they can be used to gain unauthorized access to the system.

How to enroll the FortiDLP Agent on macOS
  1. Open a command-line interface.
  2. Run the following command, where <code or path> is either the enrollment code or the enrollment bundle path:
    sudo /Library/Application\ Support/Ava/Reveal/agent/agent enroll <code or path>

When the enrollment succeeds, the output will look as follows:

Waiting for enrollment to complete...
Enrollment completed.

You should then restart the device.
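
As an added example (not part of Fortinet's guide), the following wrapper for first-time enrollment passes the bundle path rather than the code, so the secret stays out of shell history and process listings. It refuses a bundle that group or other users can access and removes the local copy once the documented success line appears. The function names and the removal step are this example's choices; only the agent path, the enroll subcommand and the success text come from the guide.

```shell
#!/bin/sh
# Added example: enroll from a bundle file only if the file is locked down.
AGENT="/Library/Application Support/Ava/Reveal/agent/agent"  # path from the guide

# Succeeds only if $1 is a regular file (not a symlink) with no group/other access.
bundle_is_protected() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if the text in $1 contains the success line the guide documents.
enrollment_succeeded() {
    printf '%s\n' "$1" | grep -Fq 'Enrollment completed.'
}

# Hypothetical wrapper: check the bundle, enroll, confirm, then remove the bundle.
enroll_from_bundle() {
    bundle=$1
    if ! bundle_is_protected "$bundle"; then
        echo "refusing: $bundle is missing, a symlink, or accessible to group/other" >&2
        return 2
    fi
    # Assumption: the agent's exit status is not documented, so the output text decides.
    out=$(sudo "$AGENT" enroll "$bundle" 2>&1) || true
    printf '%s\n' "$out"
    if enrollment_succeeded "$out"; then
        # This example's choice: the local copy is no longer needed on this device.
        rm -f "$bundle"
        echo "Enrolled; restart the device."
    else
        echo "enrollment not confirmed; bundle left in place" >&2
        return 1
    fi
}

# Run only when a bundle path is given, e.g.: sh enroll.sh /path/to/bundle
if [ "$#" -gt 0 ]; then enroll_from_bundle "$1"; fi
```
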

Tooltip

You can confirm an Agent's enrollment by verifying that the device hostname is displayed on the Nodes dashboard. To find it quickly, filter by the hostname using the dashboard's search function.

For troubleshooting guidance, see Resolving FortiDLP Agent deployment issues.

For instructions on enabling web monitoring, see Installing the FortiDLP Browser Extension on macOS.

Note

In rare cases, you may need to re-enroll the FortiDLP Agent on a device—for example, if its certificate expires due to being offline for an extended period of time. Re-enrolling the FortiDLP Agent deletes the existing enrollment data and replaces the previous enrollment code/bundle with a new one.

To re-enroll a FortiDLP Agent, you must generate a new enrollment code/bundle and then run either the enroll command as described above (you will be prompted to enter y to proceed with the re-enrollment), or enroll -f to skip the prompt and force re-enrollment.

After re-enrollment, the FortiDLP Agent will have a new identity, and the monitored device will display as a different managed node in the FortiDLP Console.
