Hi,
We have the DC agent installed on our PDC, SDC and BDC and have setup AD groups for different web filters and applied them on the fortigate.
The groups work fine etc however we are getting a high number of users not authenticating to their correct policy and are going out through the catchall policy.
Any suggestions as to why they are not applying their required policy even though they are in the correct group in AD and logged in with their AD account?
Thanks
Hi,
sniffer and flow should show you more about the traffic. Maybe it's not matching your identity-based policies with FSSO.
Also pay attention to fact that any non-identity-based policy possibly catching the same traffic will be preferred.
I have no idea how your 'catchall' policy looks like, but that might be the case. If you have a look into admin or authentication guides, then look for mechanism usually called as fall-through, in this case and since ~5.2 it's implicit mechanism in FortiOS.
Basic and must-know tools: http://kb.fortinet.com/kb...amp;externalId=FD30038
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.