Hello guys,
So basically my client wants to know if there is a way to force the fortigate to validate an AD group prior to all others, so that the users in that group (that belong to other groups also), may get the permissions set in that first group.
He wants to know if there is any sequence in which the FortiGate does that, and if so how it is done, by alphabetical order?
As an example, /VPN GRUPO ANF/AD_VALIDA, would this be verified before this one, /VPN GRUPO ANF/BD_VALIDA?
Thanks
The connection is permitted based on the Firewall Policy, which is evaluated from top to bottom. Let's say that an end-user logs in to SSLVPN and authentication is done through LDAP.
FortiGate forwards the credentials to the actual LDAP server, which performs the actual validation.
Thank you so much for the reply Renante
Hi,
You can set up the User group on the firewall policy and it will search from top to bottom.
Further, while creating a User group and selecting the remote server, an LDAP filter can be used to select a specific CN.
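As an added example (not from either reply above), this FortiOS CLI fragment ties each AD group to its own FortiGate user group via a DN match and then orders the two SSL VPN policies so that the AD_VALIDA policy sits above the BD_VALIDA one. The LDAP server object "AD-LDAP", the base DN "DC=example,DC=local", the interface "port1" and the address objects net_AD_VALIDA / net_BD_VALIDA are assumed placeholders.

```text
config user group
    edit "grp_AD_VALIDA"
        set member "AD-LDAP"
        config match
            edit 1
                set server-name "AD-LDAP"
                set group-name "CN=AD_VALIDA,OU=VPN GRUPO ANF,DC=example,DC=local"
            next
        end
    next
    edit "grp_BD_VALIDA"
        set member "AD-LDAP"
        config match
            edit 1
                set server-name "AD-LDAP"
                set group-name "CN=BD_VALIDA,OU=VPN GRUPO ANF,DC=example,DC=local"
            next
        end
    next
end
config firewall policy
    edit 10
        set name "sslvpn_AD_VALIDA"
        set srcintf "ssl.root"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "net_AD_VALIDA"
        set groups "grp_AD_VALIDA"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 11
        set name "sslvpn_BD_VALIDA"
        set srcintf "ssl.root"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "net_BD_VALIDA"
        set groups "grp_BD_VALIDA"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    move 10 before 11
end
```

The FortiGate matches policies by their position in the list, not by policy ID or by the alphabetical order of the group names, so a user who belongs to both AD groups is granted whatever the first matching policy allows; use `move` to control that order.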