Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

AD FSSO with fortinet question

We have AD FSSO with fortinet-200E and groups are retrieved from Active Directory. I am admin with some roles assigned to my account in AD and based on that Fortinet select policy and then web filter and App filter.  I have to test some app filter and created policy for my IP only , and trying to avoid AD rules, but so far can't. So,  Is it possible to create policy with web and app filters so it will not read what is assigned  in AD roles? 


Hi @bfakhriddi,

Please correct me if I am wrong but are you looking to exclude an IP from FSSO to do some web and app filters? If yes, then you can refer to this document to exclude IP from FSSO logon event "



In this case, you might need to add a rule that includes only your IP address. So it is possible to create this following these steps:


- Create an Address object using your IP Address (e.g.

- Create a policy using said object as source only without selecting any user or user group.

- In the firewall policy view, make sure you select the "By sequence" view and place the new policy on top.


If this doesn't work, go to Dashboard>Fortiview Sessions, add a "Source IP" filter using your IP, end all the sessions and try again. It is important to clear the sessions so they can match the new policy created. 


Good luck.

Fortigate, VoIP