Umer221
Staff
Article Id 276601
Description This article explains how to resolve a failure to access Active Directory through a FortiGate firewall when the policy uses Azure ISDB (Internet Service Database) as the destination. The problem stems from outdated ISDB services, which are essential for proper policy routing towards Azure.
Scope FortiGate, Azure ISDB, Active Directory.
Solution

The policy to access the Active Directory is not working. Specifically, traffic does not go through the policy, and the policy does not work when the destination is changed to Azure ISDB. The root cause is that the ISDB services were not updated because the FortiGuard scheduled update option was disabled.

  • Understand the issue: Users may encounter problems accessing the Active Directory when the destination is set to Azure ISDB. Investigation might show that the ISDB services were not updated because the FortiGuard scheduled update option was disabled.

  • Update the ISDB service: To resolve the issue and restore access to the Active Directory with the Azure ISDB destination, follow these steps:

 

Enable debug output for the update process:

 

diagnose debug application update -1
diagnose debug enable

 

Execute the update:

 

exec update-now
 
After the update, the firewall policy (policy #) should start working correctly with Azure ISDB.
 
  • Validation: Ensure the Active Directory policy functions as expected after these changes.

 

Note:

Before making any modifications, always back up the configuration. It is imperative to be clear on which policy or service to update and follow the procedures carefully.
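
The following is an added example, not part of the original article or any Fortinet tooling: a Python check over a configuration backup that reports whether scheduled FortiGuard updates are disabled and which firewall policies use ISDB destinations and therefore depend on a current ISDB. The sample backup is constructed, and the `config system autoupdate schedule` / `set status` and `set internet-service-name` stanzas are assumptions about the FortiOS version in use.

```python
import shlex

# Constructed sample of a FortiOS configuration backup (not from the article).
SAMPLE_BACKUP = """\
config system autoupdate schedule
    set status disable
end
config firewall policy
    edit 12
        set name "to-azure-ad"
        set internet-service enable
        set internet-service-name "Microsoft-Azure"
    next
    edit 13
        set name "to-dns"
        set dstaddr "all"
    next
end
"""

def audit_backup(text):
    """Return (scheduled_updates_enabled, [(policy_id, [ISDB names]), ...])."""
    path, edit_id = [], None
    schedule_enabled = True  # assumption: an absent 'set status' means the default (enable)
    isdb_policies = {}
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:  # skip lines of multi-line quoted values (certificates, banners)
            continue
        if not tok:
            continue
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))
        elif tok[0] == "end" and path:
            path.pop()
        elif tok[0] == "edit" and len(tok) > 1:
            edit_id = tok[1]
        elif tok[0] == "next":
            edit_id = None
        elif tok[0] == "set" and len(tok) >= 3:
            section = path[-1] if path else ""
            if section == "system autoupdate schedule" and tok[1] == "status":
                schedule_enabled = tok[2] == "enable"
            elif section == "firewall policy" and tok[1] == "internet-service-name":
                isdb_policies.setdefault(edit_id, []).extend(tok[2:])
    return schedule_enabled, sorted(isdb_policies.items())

if __name__ == "__main__":
    print(audit_backup(SAMPLE_BACKUP))
```

A result of `False` together with a non-empty policy list means those policies are matching against an ISDB that is no longer being refreshed on a schedule.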