Guys

I have an issue here. I want to group my users into groups to which other can have full internet access (by-pass or override some generally blocked sites, and the other group follow these block settings). My firewall is not configured in any way around the groups, every one is going through the same control.

I am tempted to create an IP address group in the firewall as it seems an easier out option (i group ip addresses of those computer/people i want to give full internet access.) this is an issue coz when you logged into a different machine, you cannot access internet.

But the safe and secure manner is to get these users in a windows AD group and call the group in firewall somewhere i dont know. My problem is that i cant find where i can call this group in the firewall and create a second rule for it which reverts to default firewall controls.

can some one guide me step by step as to where to start in fortigate because in windows AD the groups are created  but i have trouble understanding LDAPs and RADIUS things.