Hi,
Setting up my first fortigate 101e v6.0. I have everything setup and working, firewall rules, static routes, SD-WAN. But cannot get the AD polling to work.
Does anyone actually use AD polling or is using the fortinet SSO agent the more used standard? What is the benefit of using the sso agent? We have a relatively small environment. 2 DC's 250 users.
Under security fabric > fabric connecotrs > poll ad server option i have configured this to connect to my AD - no issues. I've added the users/groups. Added them to my IPv4 Policies - but the policies never match.
Under Firewall User Monitor - i can see users logging on.
The rule is incredible basic. If user a member of facebook_allow group then allow facebook.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi, your traffic is probably hitting some non-identity based policy and so flowing unauthenticated or even not matching your policy completely. Keep in mind that since 5.1 IP based policies has precedence over those Identity based. Use basic tools like session list and flow debug to find out.
https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30038
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
it should not be needed to explicitly block facebook .. keep in mind that FortiGate is 'implicit deny' typo of firewall.
And so all the policies are positive exemptions to this deny everything rule.
Having identity based policy to allow facebook to some authenticated users and letting every one else fall to implicit deny should be enough.
As I wrote before, IP based policies are searched first, so if you have one policy to deny facebook, all the users will hit that first, and there will be no attempt to hit identity based policy.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1640 | |
1066 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.