KhizerSaleem

AD Users not getting identified with Explicit Web Proxy Policy Authentication

Hi Forti Fellows,

I deployed the FGT-60E on 6.0 and 6.0.2 for explicit web proxy authentication. The issue is that after completing the explicit web proxy configuration by following the process of making "authentication scheme (basic + NTLM method), authentication rule, authentication setting" and setting up the proxy on 8080, it works when we run a simple proxy policy without adding the AD group in the source.

But whenever I add the SSO-based AD group in the source, the connection is denied and traffic is blocked by the implicit rule, and it gives the error "your connection is not secure + access denied".

In the logs, the group field shows "N/A" against the AD user, and as the user is not identified from the group, the traffic is blocked.

Here are the configurations and setup.

Configure Authentication Scheme

    FGT60ETK18025803 # config authentication scheme
    FGT60ETK18025803 (scheme) # edit ibs_auth_scheme
    FGT60ETK18025803 (ibs_auth_scheme) # set method basic
    FGT60ETK18025803 (ibs_auth_scheme) # set user-database IBS_AD
    FGT60ETK18025803 (ibs_auth_scheme) # end

Configure Authentication Rule

    FGT60ETK18025803 # config authentication rule
    FGT60ETK18025803 (rule) # edit ibs_auth_rule
    FGT60ETK18025803 (ibs_auth_rule) # set status enable
    FGT60ETK18025803 (ibs_auth_rule) # set protocol http
    FGT60ETK18025803 (ibs_auth_rule) # set srcaddr ibs_lan
    FGT60ETK18025803 (ibs_auth_rule) # set ip-based disable
    FGT60ETK18025803 (ibs_auth_rule) # set active-auth-method ibs_auth_scheme
    FGT60ETK18025803 (ibs_auth_rule) # set web-auth-cookie enable
    FGT60ETK18025803 (ibs_auth_rule) # end

Configure Authentication Settings

    FGT60ETK18025803 # config authentication setting
    FGT60ETK18025803 (setting) # set active-auth-scheme ibs_auth_scheme
    FGT60ETK18025803 (setting) # set captive-portal-port 8080
    FGT60ETK18025803 (setting) # end

Thanks in advance.