Is this possible... the only information I can find states "user groups".
I have this part working by using FSSO for users and groups but cannot find a way of adding a policy for 1 user unless I create a new AD group on my domain and add that group to the policy.
Hi,
See if below kb article helps you with this requirement:
Nice document but not much help here as that is for user authentication. Many thanks.
@Mes-Lili2
I assume this is what you are looking for:
Technical Tip : How to allow traffic from specific... - Fortinet Community
Thanks for that, I did try that yesterday but failed, so will try to see why.
I am going to accept https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-allow-traffic-from-specific-LDAP-us... as the solution as it did answer my question. However, adding a user account from local LDAP groups causes the FSSO agent to search for that user and only display the first find. Not much use, as it will be an issue for users connecting from multiple devices or VPN, so I am going to stick to FSSO doing groups, and now see multiple entries for myself, and will just need to create a new AD group for individual requirements.
Hi @Mes-Lili2 ,
In addition, run the following debug and try to reproduce the issue so we can find out more about why it is failing:
diag debug console timestamp enable
diag debug app fnbamd -1
diag debug enable
Further troubleshooting:
Troubleshooting Tip: Fortigate LDAP - Fortinet Community
Regards!
I am unable to test properly as the FSSO agent is getting my name to IP address as firstname(space)lastname but Forti LDAP is showing me as firstname(.)lastname, so not matching.
OK, username from FSSO is the same as LDAP but still not working; nothing shows in the CLI when a web site connection is attempted.
Also...
When I configure the FSSO agent with user group source "Collector Agent", all of my users are populated and the policy works. But if I use the same setting for the FSSO agent and select an LDAP server and some groups/users, I get this.