Hello Everyone,
I have installed the FSSO Agent and DC Agent on a Domain Controller following the guide below, except for the Working Mode in the DC Agent, where I have set "Polling Mode" instead of DC Agent Mode.
After the configuration, I can see all the AD groups in the FortiGate. So, I added the group "Domain Users" to the rule for Internet access, but when I did that all users lost Internet access.
To test, I created a user group with the Firewall Type, mapping it with the Domain Users' group in the External Group option, selecting the configured LDAP Server. With this group in the policy, it works.
Does anyone know why the group retrieved directly from the AD (FSSO Agent) didn't work, but the mapped local user group works? Could the working mode I have set in the DC Agent be the problem?
Hello,
Thanks a lot for your contribution to the Community.
May I suggest you have a look at our Knowledge Base, under this section:
https://community.fortinet.com/t5/FortiGate/tkb-p/TKB20?pageNum=1
You will find articles concerning FortiGate.
If you do not find any answers, do not hesitate to come back to us; we will find somebody to help you.
Regards,
Hey gcarvalho,
In principle, you should be able to use the AD groups in policies outright starting somewhere in 6.2. There were a few reported issues of this not working at all times, however.
Can you let us know the following?
- what firmware version is your FortiGate?
- are you using the AD groups in regular policies, or proxy policies?
-> I've come across a few instances of the AD groups not working in proxy policies when they work just fine in regular policies
Thanks!
Just to share with the community, I changed the Working Mode to Agent instead of Polling. I also changed the policy mode from Proxy to Flow-based. After that, I was able to use the AD groups in the policies with success.