im having big issue about firewall users. the problem is my client told me that he wants to create users and manage them using user group so i created 500 users and add them to 23 groups, after creating all the policies it work fine but now some of the users cant access the internet using their PC and not all the users cause this just few users. there is no any mac binding and any other device control policy in my firewall.funny thing is that users cant access their user name using internet but using different user name they can access the internet using same machine. so i check all the configuration but i couldn't find any error. after that i plug new network card to that PC and configure it using same IP as previews network card had then it working fine with their user name and password.
another thing is after typing username and password it authenticate in the firewall but i cant ping to the google, but using different username and password it can.
So this is the reason for this issue, in that time I have enable the device detection in the firewall.that is the reason for this mess, if you guys want to enable device detection please make sure your end devices are virus-free. because as my knowledge FortiGate detects devices using by TTL. in my scenario my client PC's are exposed to viruses and they change the TTL of the machines,
diagnose user device get <MAC-ADDRESS> (you can get device information device OS etc)
diagnose user device clear all (clear all the device inventory)
diagnose user device del <MAC-ADDRESS> (you can delete one by one)
using the above command you can resolve the issue but it's not permanent.
I solve this quite some time ago sorry for the late reply.
It appears that you are experiencing an issue with firewall users on your Fortinet Firewall model 500D. Here are some steps you can take to troubleshoot and resolve the problem:
1. Check the user group settings: Verify that the affected users are assigned to the correct user groups. Ensure that the user groups have the appropriate policies and access rights configured.
2. Verify user credentials: Double-check the usernames and passwords for the affected users. Ensure that they are entered correctly and match the credentials in the firewall's user database.
3. Check for user-specific configurations: Review any specific configurations or restrictions that are applied to the affected users. Make sure that there are no restrictions that might be blocking their internet access.
4. Network card configuration: As you mentioned that changing the network card on the affected PCs resolved the issue, it could be a network card driver or configuration problem. Ensure that the network card drivers are up to date and properly configured on the affected PCs.
5. Network connectivity: Verify that the affected PCs have a stable network connection. Check for any network-related issues such as IP conflicts, DNS settings, or connectivity problems.
6. Firewall policies: Review the firewall policies to ensure that there are no policies blocking internet access for the affected users. Check if there are any conflicting policies or misconfigured rules.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.