I have a Fortigate 200D with user identity firewall policies. User groups are using remote groups in Active Directory for authentication.
I need to enable non-domain users (guests) to be prompted for username/pwd when they try to access the internet.
AAA server is configured on the Fortigate for remote authentication of guest accounts.
I created a firewall policy with "Guest_Users" as Source User. This policy is placed at the bottom of the rules from LAN ---> WAN1, with the appropriate UTM features.
However, non-domain users are not getting any prompt when trying to browse. They are simply blocked (by rule 0).
Am I missing anything?