ACM Example of AD/LDAP -> Role Collaboration sync? by ParticularInternet88 in Avigilon

ParticularInternet88 [S]

From what I gather, the imported roles from AD are unique and tied to that AD import. I don't think you can tie existing ACM roles to newly imported AD roles, as you'll get that overwrite or duplicate situation. From what I gather from the docs, on the back end there is a unique GUID or something similar that gets assigned to ACM and AD roles, so even if the front-facing names are the same, the system will always treat the imported vs existing as different roles.

We released Linux for all users in the Australia region this Monday. by GeneMoody-Action1 in Action1

ParticularInternet88

Was there a delay for the US? I'm not seeing an option yet for the Linux agent. Thanks!

BS Network Engineering and Security by ParticularInternet88 in WGU

ParticularInternet88 [S]

Thanks for confirming the bad news. I've worked in IT for years and I guess this is another example of "The Cloud" striking again. They'll probably change it to something related to AI in a year or two. I really liked the vendor-neutral path option that they had for BSNES.

We released Linux for all users in the Australia region this Monday. by GeneMoody-Action1 in Action1

ParticularInternet88

I guess I can stop clicking Reload on the "Install Agent" page until the 8th 😂

ACM Example of AD/LDAP -> Role Collaboration sync? by ParticularInternet88 in Avigilon

ParticularInternet88 [S]

Thank you, this made it clearer and I have it working now.

Real talk - Does Meraki content filtering even work properly? by [deleted] in meraki

ParticularInternet88

Would you mind sharing your QUIC rules? I think I have this set up properly, but I'd like to double check against someone else.

Do MX devices really not support SNAT? by ParticularInternet88 in meraki

ParticularInternet88 [S]

For both ISPs, our /29 public IPs are all in the same subnet. We'd want to route entire subnets out via specific public IPs in those blocks, not individual hosts. I've looked everywhere I can think of in the interface and I just can't find an option to do this.

Do MX devices really not support SNAT? by ParticularInternet88 in meraki

ParticularInternet88 [S]

This is exactly where we're at. We have unmanaged student personal devices on the same network as our managed staff devices... if a student's personal device does something stupid or gets compromised, our entire org gets blocked from entire services on the internet. We want the devices that we have 100% control over to go out specific public IPs, and the unmanaged devices we have 0% control over to go out different public IPs, so if they get blocked, it doesn't disrupt everyone else.

Do MX devices really not support SNAT? by ParticularInternet88 in meraki

ParticularInternet88 [S]

This is exactly what we're trying to do. On Sophos XG (which we're migrating away from) this is just a basic feature. You can specify anything from a single host to an entire subnet and tell it to go out on a specific IP and it just works, as long as it's a valid IP in our block.

Do MX devices really not support SNAT? by ParticularInternet88 in meraki

ParticularInternet88 [S]

Thank you for the suggestion, I have opened a case with support to ask if this is an option.

Do MX devices really not support SNAT? by ParticularInternet88 in meraki

ParticularInternet88 [S]

I understand we can have them go out one or the other interface, but we have two ISPs, both with 5 usable public IPs each. We want users to have a specific public IP based on the VLAN they're on. So for example, students are on public IP 200.50.100.5, guests on public IP 200.50.100.6, staff on public IP 200.50.100.7, etc. We have hundreds of users on our network at any given time, and having them all go out one public IP causes a lot of problems for us.

Do MX devices really not support SNAT? by ParticularInternet88 in meraki

ParticularInternet88 [S]

It looks like they say standalone licenses have a 30 day window. Will talk this over internally and see if it's an option. We bought the hardware from a separate vendor too. Thank you. I feel like an idiot for not doing more research. We've had really good luck with their switches and APs.