Hi. Could it be that not all the "WAN link" subnets in MPLS are "known"/distributed in routing? Try pinging the AD server from a failing firewall. If there is a problem, try adding a "source-ip" in the CLI for the LDAP config, using one of the LAN interface IPs. /Conny