I'm looking to determine if different AD security groups can be configured on DUO to allow a user logging in to the SSLVPN to get a different firewall policy depending on their AD group membership. I know you can restrict access with one security group, but I'm looking to see if multiple AD groups can be configured in DUO.
I found this, but it still only references one group.
security_group_dn: To further restrict access, specify the LDAP distinguished name (DN) of a security group that contains the users who should be able to log in as direct group members. Nested groups are not supported. Users who are not direct members of the specified group will not pass primary authentication. Example:
security_group_dn=CN=DuoVPNUsers,OU=Groups,DC=example,DC=com
Starting with Authentication Proxy v3.2.0, the security_group_dn may be the DN of an AD user's primary group. Prior versions do not support primary groups.
Best
You can call multiple AD groups in FortiGate and apply them in firewall policy.
Hi @EasyDoesIT ,
Have a look at the guide here on how to create an SSL VPN with multiple realms:
https://community.fortinet.com/t5/Blogs/Deploying-SSL-VPNs-Using-Multiple-Realms/ba-p/238145
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/724772/ssl-vpn-multi-realm
Hi @EasyDoesIT,
If you are using RADIUS authentication, you can refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-define-group-based-authorization/ta...
Regards,
I have found a DUO help article: