FSSO not authenticating random users
Hi,
We have the DC agent installed on our PDC, SDC and BDC and have set up AD groups for different web filters and applied them on the FortiGate.
The groups work fine, etc.; however, we are getting a high number of users who are not authenticating to their correct policy and are going out through the catchall policy.
Any suggestions as to why they are not applying their required policy even though they are in the correct group in AD and logged in with their AD account?
Thanks
Hi,
Sniffer and flow should show you more about the traffic. Maybe it's not matching your identity-based policies with FSSO.
Also pay attention to the fact that any non-identity-based policy possibly catching the same traffic will be preferred.
I have no idea what your 'catchall' policy looks like, but that might be the case. If you have a look into the admin or authentication guides, then look for the mechanism usually called fall-through; in this case, and since ~5.2, it's an implicit mechanism in FortiOS.
Basic and must-know tools: http://kb.fortinet.com/kb...amp;externalId=FD30038
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
