Mes-Lili2
New Contributor III

Add AD users to firewall policy

Is this possible... the only information I can find states "user groups".

I have this part working by using FSSO for users and groups but cannot find a way of adding a policy for 1 user unless I create a new AD group on my domain and add that group to the policy.

 

 

dbu

Thank you for your outputs. 


In this case if you chose remote LDAP user groups, I think you need to select "Local" as a source for user groups on FSSO agent. Test and let me know.
When you choose Local it means you are referring to locally created user groups on the FortiGate.
When you choose "Collector Agent", groups will come from the agent.

Regards!

Mes-Lili2
New Contributor III

Yes, I am selecting local groups. I am then selecting the LDAP server that has the AD groups and then searching for myself as a user and group "domain users" to the FSSO agent.

When I do this there are no users retrieved from the collector, and whilst running the debug commands from earlier there is no output when I change from collector to local or when user is denied access to internet.
