Hello,
We have an AD group named 'ALLOW TO INTERNET', and its members can access the internet. If we add a user to this group, how long does it take for Fortinet to detect that this user is a member of 'ALLOW TO INTERNET' so that the user can access the internet?
Hi,
I understand that you would like to know how long it will take for a FortiGate to sync a newly added user in the group on AD.
As long as the FortiGate and AD are in sync, it will take just a few minutes, depending on the network, not more than that.
Please make sure the user is imported in the FortiGate and is added to the policy to get internet access.
Regards,
Vimala
Can we see on the FortiGate side which AD group each user belongs to?
Hi,
Yes, you can do this in the GUI, under User & Device > User Definition you will see all the users. In the far right column you will be able to see the references. Click the number next to the user to show you all the groups it's been added to.
Regards,
Vimala
Hello,
I believe that is for local users, not for AD users.
Hi,
The group lookup will be done on every lookup that needs to be done. If you add a user and the user authentication has to be done, so SSLVPN, captive portal, the authentication will trigger the lookup.
After this, when the user IS authenticatED, no further lookup is done. If you remove the user from the group while the user is logged in, the user will NOT lose access.
Best regards,
Markus
So, from the FortiGate side we can't look up which group the user belongs to, right?