Thanks for the reply, this shows me how to add user groups into policies, but my firewall is only seeing me as an IP address, so I need to enable user identification and this is what I need advice on. Thanks again.
If you want to do what is called passive authentication, i.e. apply policies based on AD user groups without asking the user to authenticate, you have to use FSSO. This is explained in the documentation guide. You can configure the FGT to poll the AD directly for events, or install a collector agent on the AD (better scalability):
Basically, FSSO will tie the user to its IP based on their domain logon events; then the user is tied to an FSSO group that is applied to a policy.
LDAP groups are used for active authentication: users will be prompted to enter their credentials again.
- Emirjon If you have found a solution, please like and accept it to make it easily accessible for others.
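To show concretely what the reply above describes (FortiGate polling the DC for logon events, an FSSO group mapped to an AD group, and that group used in a firewall policy), here is an added FortiOS CLI configuration example. It is not part of the original post and was not written by the poster or by Fortinet; the server address 10.0.0.10, the service account FSSO-SVC@example.local, the LDAP server object AD-LDAP, the AD group DN, the interface names and the policy ID are all placeholder values chosen for illustration.

```fortios
# Poll the domain controller directly for logon events (no collector agent).
# The account must be able to read the DC security event log; a UPN is used here.
config user fsso-polling
    edit 1
        set status enable
        set server "10.0.0.10"                 # placeholder DC address
        set user "FSSO-SVC@example.local"      # placeholder service account (UPN)
        set password "<service-account-password>"
        set ldap-server "AD-LDAP"              # placeholder LDAP server object for group lookups
    next
end

# FSSO group: members are AD group DNs, not individual users.
config user group
    edit "FSSO-Finance"
        set group-type fsso-service
        set member "CN=Finance,OU=Groups,DC=example,DC=local"   # placeholder AD group
    next
end

# Policy that only matches traffic from IPs FSSO has tied to a Finance user.
# Traffic from an IP with no FSSO logon record does not match and falls through
# to later policies (or the implicit deny), which is the behaviour to watch for
# when a host "is only seen as an IP address".
config firewall policy
    edit 10
        set name "Finance-to-Internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "FSSO-Finance"
        set nat enable
        set logtraffic all
    next
end
```

Once applied, the thing to check is whether the unit actually holds a user-to-IP record for the test host: from memory of the FortiOS CLI, `diagnose debug authd fsso list` prints the current FSSO logon table and `diagnose debug fsso-polling detail` shows the polling status per DC; confirm both against the CLI reference for the firmware version in use. If the logon table is empty, the policy can never match, regardless of how the group and policy are configured.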
Yes, I am now polling the AD server directly, but my authentication seems to be failing. I am using UPN as suggested in the documentation, and testing directly on an AD server I can authenticate, but via the Active Directory connector within external connectors it fails. Thanks all for your help here.