Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mes-Lili2
New Contributor III

Add AD users to firewall policy

Is this possible... the only information I can find states "user groups".

I have this part working by using FSSO for users and groups but cannot find a way of adding a policy for 1 user unless i create a new AD group on my domain and add that group to the policy.

 

 

1 Solution
11 REPLIES 11
pbangari
Staff
Staff
Mes-Lili2
New Contributor III

Nice document but not much help here as that is for user authentication. many thanks..

xshkurti
Staff
Staff
Mes-Lili2
New Contributor III

thanks for that, i did try that yesterday but failed so will try to see why.

Mes-Lili2
New Contributor III

I am going to accept https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-allow-traffic-from-specific-LDAP-us... as the solution as it did answer my question... however...   by adding a user account from local ldap groups causes the FSSO agent to search for that user and only displays the first find. not much use as will be an issue for users connecting from multiple devices or VPN so going to stick to FSSO doing groups and now see multiple entries for myself and will just need to create a new AD group for individual requirements. 

dbu
Staff
Staff

Hi @Mes-Lili2 ,

In addition run the following debug and try to reproduce the issue so we can find more why it is failing :

 

diag debug console timestamp enable

diag debug app fnbamd -1

diag debug enable

 

Further troubleshooting: 
Troubleshooting Tip: Fortigate LDAP - Fortinet Community

 

Regards!

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
Mes-Lili2
New Contributor III

I am unable to test properly as the fsso agent is getting my name to ip adress as firstname(space)lastname but forti LDAP is showing me as firstname(.)lastname so not matching.

Mes-Lili2
New Contributor III

ok username from fsso is same as ldap but still not working, nothing shows in the cli when a web site connection is attempted

Mes-Lili2
New Contributor III

also...

when i configure FSSO agent with user group source "Collector Agent" all of my users are populated and the policy works. but if i use the same setting for FSSO agent and select an ldap server and some groups/users I get this.

fortilist.jpg
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors