I'm building a test environment to try out the FSSO feature.
My current setup is the following:
One FortiGate 30E
One Windows 2016 AD DC
One Windows 2016 TS
I've set up the LDAP and FSSO part on the FortiGate, installed the AD agent and collector agent on my DC and the TS agent on my TS.
On my FortiGate, I've created two policies.
Permitting traffic to WAN if member is in my SG_ONE group
Denying traffic to WAN if member is in my SG_TWO group
I can almost get it to work.
When I log in as user1 (member of SG_ONE) I'm permitted access to the internet (my policy one).
When I log in as user2 (member of SG_TWO) I'm denied access to the internet (my policy two).
BUT - after I have logged in as user2, user1 is also denied access to the internet, even though they are not in the same security group.
On my collector agent, I can see that the TS agent logs the two different users from my TS, but only user2 is shown as logged in from the DC agent.
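To illustrate the failure mode described in this post, here is an added example (not code from the post, nor Fortinet's implementation) that models a simplified FSSO logon table. It assumes a hypothetical two-group policy (SG_ONE accept, SG_TWO deny), a constructed terminal-server IP and constructed source-port ranges. When two users share one source IP, a table keyed on IP alone keeps only the most recent logon, so every session from that host is evaluated as the last user who logged in; keying on IP plus the source-port range that a terminal-server agent assigns per session keeps the users apart.

```python
"""Simplified model of how an IP-keyed vs. IP+port-keyed logon table
resolves users on a shared-IP terminal server (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Hypothetical policy mirroring the two firewall policies in the post.
POLICY: Dict[str, str] = {"SG_ONE": "accept", "SG_TWO": "deny"}


@dataclass
class Logon:
    user: str
    group: str
    ip: str
    # (low, high) source-port range from a TS-agent style event;
    # None for a DC-agent style event that carries only the IP.
    ports: Optional[Tuple[int, int]] = None


@dataclass
class LogonTable:
    by_ip: Dict[str, Logon] = field(default_factory=dict)
    by_ip_ports: List[Logon] = field(default_factory=list)
    groups: Dict[str, str] = field(default_factory=dict)

    def add(self, logon: Logon) -> None:
        self.groups[logon.user] = logon.group
        if logon.ports is None:
            # IP-only event: the newest logon overwrites the host entry.
            self.by_ip[logon.ip] = logon
        else:
            self.by_ip_ports.append(logon)

    def resolve_by_ip(self, ip: str) -> Optional[str]:
        entry = self.by_ip.get(ip)
        return entry.user if entry else None

    def resolve_by_ip_port(self, ip: str, sport: int) -> Optional[str]:
        for entry in self.by_ip_ports:
            low, high = entry.ports
            if entry.ip == ip and low <= sport <= high:
                return entry.user
        return None

    def decide(self, user: Optional[str]) -> str:
        # Unknown user matches neither group policy: treat as deny.
        if user is None:
            return "deny"
        return POLICY.get(self.groups.get(user, ""), "deny")


def simulate() -> Dict[str, Dict[str, str]]:
    """Replay two logons on one terminal server and evaluate each user's
    traffic under both lookup strategies."""
    ts_ip = "10.0.0.20"  # constructed terminal-server address
    table = LogonTable()
    # user1 logs in first: TS-agent event with a port range, DC-agent event IP-only.
    table.add(Logon("user1", "SG_ONE", ts_ip, (2048, 4095)))
    table.add(Logon("user1", "SG_ONE", ts_ip))
    # user2 logs in afterwards on the same host.
    table.add(Logon("user2", "SG_TWO", ts_ip, (4096, 6143)))
    table.add(Logon("user2", "SG_TWO", ts_ip))

    # Constructed flows: each user's session uses a port inside its own range.
    flows = {"user1_session": 3000, "user2_session": 5000}
    ip_only = {name: table.decide(table.resolve_by_ip(ts_ip)) for name in flows}
    ip_port = {name: table.decide(table.resolve_by_ip_port(ts_ip, sport))
               for name, sport in flows.items()}
    return {"ip_only": ip_only, "ip_port": ip_port}


if __name__ == "__main__":
    for strategy, decisions in simulate().items():
        print(strategy, decisions)
```

Under the IP-only lookup both sessions are decided as user2 and denied, which is the symptom in the post; under the IP+port lookup user1's session is accepted and user2's denied. The model is deliberately minimal: a real FSSO deployment also involves logon-event timing, cache timeouts and the collector agent's own grouping, none of which are represented here.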