I have LDAP Servers configured under Users&Devices-Authentication-LDAP Servers. It's utilizing LDAPS, and when I click the test button it says "Successful". When I do a packet capture on the FW (diag sniffer packet any "host IP_LDAP_Server" 4) and hit the test button, I see the communication between the FG and AD Server. Life is good so far.
Now when I test from the command line:
MAIN_FW (root) # diag test authserver ldap CC_LDAP myusername mypassword

I get:

authenticate 'myusername' against 'CC_LDAP' failed!
The weird thing is that when I do this test from the command line, I see no communication between the FG and AD Server (packet capture shows nothing). I also did a Wireshark capture on the AD Server and saw no communication between the two when I tested authentication via the command line (when I hit the test button in the GUI, I did see communication via Wireshark and the packet capture on the FW).
So when I test via the command line, no communication occurs between the FG and AD server; when a user tries to log in/authenticate via SSL, there is no communication between the FG and AD; BUT when I click the Test or Fetch DN button in the GUI, I see communication between the FG and AD (and obviously my packet captures show this communication).
Has anyone experienced anything like this? I know my policies are good (I can log in with an internal account; just nothing that requires AD authentication is working). I just can't figure out why the FW is not attempting to communicate with the AD Server for authentication. I checked my routing table (I can ping from the FG to the AD Server) and everything else is working as it should.
Any ideas would be greatly appreciated.