Firewall Policy checking AD Users

Forum|Forum|6 months ago
December 5, 2025
1 reply
175 views

Hello Team,

I have a customer with a firewall policy that grants access to the internet based on membership in an AD Group.

The policy works fine except for when a user logs into their PC before connecting to the wifi - in this case the user connects to the network but Fortigate doesn't grant access to the Internet until the user locks and unlock their machine; sometimes the user doesn't even notice for an hour if they just check internal systems.

Is this working as intended or is there a way of checking the membership even after the first login?

thanks in advance

F.

FortiGate

funkylicious

SuperUser

hi,

using FortiGate to retrieve from a DC agent or polling the AD directly ?

L.E. i think its related to event id 4624 not being trigger due to logon to the workstation before having network access to the DC.

"jack of all trades, master of none"

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded