Policy with subnet ranges and FSSO groups not working.

Forum|Forum|7 months ago
November 5, 2025
2 replies
903 views

Hi

I have a 400F Fortigate with v7.4.9 build2829 (Mature). There is a policy that has always worked but since the upgrade to the current firmware I have had issues with users reporting no internet however once i remove the FSSO group from the rule internet access is restored. Both LDAP server show connection status as successful. Both external connectors are up. Collector agent status is running.

FortiGate

AEK

SuperUser

Hi

Did you upgrade the FSSO agent? 5.0 build 0323 and later is required.

Check here:

https://docs.fortinet.com/document/fortigate/7.4.9/fortios-release-notes/242321

AEK

ipsectunnelAuthor

Explorer

Hi AEK

Yes, the agent is on the correct version. What I did was disable the rule that always was working and create a new one identical to the old one and the new one is working fine so far.

Sheikh

Staff

Hello @ipsectunnel

By enabling these debugs on Firewall, would give more details about auth failures.

# diag deb reset

# diag debug console timestamp enable
# diag deb app authd -1

# diag debug app fssod -1
# diag deb en

regards,

Sheikh

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded