I am having a major headache with our 500D (Formware 5.6.5) and I’m sure it’s some fundamental setting I am missing.
FSSO configured on the Fortigate and FSSO user group pointing to AD user group for internet access.
IPv4 Policy setup as follows….. Source: all+ FSSO Group above and….. Dest: all <-- This is working fine, logging IP and AD users!
I have been trying for some time to get an alternative method of authentication to help none domain devices and Apple Macs to get internet access. We just need a pop up box, or web authentication to verify an account to AD.
So far I have tried;
NTLM authentication via an IPv4 policy (ntlm enabled via CLi) – no pop up box appears. Just fails with a page not found. Without the FSSO or LDAP user group tagged on the rule – the device gets internet.
NTLM, FSSO group and LDAP all tired using both a Transparent and Explicit proxy rules. Again the proxy policies both work fine without user groups - but when they are added I get “Access Denied – The page you requested has been blocked by a firewall policy restriction”
I followed Cookbook recipes such as this one for the above.
I don’t mind if the device gets a pop up login box, or a web authentication box, but as soon as I introduce a user group, the policy fails.
Am I missing some global setting to allow these other methods of authentication?
Help would be greatly appreciated.
Thank you for reading.