Next Generation Firewall (NGFW)

FortiGate 300D with 5.4.5 - how do you assign AD groups to security/Web filtering policies?

  • 1.  FortiGate 300D with 5.4.5 - how do you assign AD groups to security/Web filtering policies?

    Posted 12-01-2017 03:26

    Hello,

    We are configuring our first FortiGate 300D with FortiOS 5.4.5.

    We need to know how to assign MS AD groups - we have connected AD to the firewall - to security/Web filtering policies, so we can have multiple filtering policies applied at a time because one of these is domain users they would overlap?

    Thanks in anticipation of your help or pointing me in the right direction for documentation,

    Paul



  • 2.  RE: FortiGate 300D with 5.4.5 - how do you assign AD groups to security/Web filtering policies?

    Posted 12-11-2017 04:24

    https://docs.fortinet.com/uploaded/files/2808/fortigate-authentication-54.pdf



  • 3.  RE: FortiGate 300D with 5.4.5 - how do you assign AD groups to security/Web filtering policies?

    Posted 07-20-2018 11:06
    Hello,

    Check this link: Single Sign-On using LDAP and FSSO agent in advanced mode (Expert) - Fortinet Cookbook



    ------------------------------
    Marcos Avila
    Support Engineer
    ------------------------------



  • 4.  RE: FortiGate 300D with 5.4.5 - how do you assign AD groups to security/Web filtering policies?

    Posted 07-21-2018 00:00
    Hi,

    Q: we can have multiple filtering policies applied at a time because one of these is domain users they would overlap?
    Ans: Firewall policies are evaluated in top-down order. If the first policy matches the source, destination, services, etc., then it will not check any other policies.

    I am not sure how you are going to configure the AD authentication, but the best method is SSO (Single Sign-On).

    https://docs.fortinet.com/uploaded/files/1675/providing-Single-Sign-On-for-Windows-AD-with-a-FortiGate.pdf


    Single Sign-On using LDAP and FSSO agent in advanced mode (Expert) - Fortinet Cookbook









    ------------------------------
    Deepak Kumar
    ------------------------------
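
Added example (not part of the thread, and not FortiOS code): a small Python model of the top-down, first-match evaluation described in reply 4, showing why a policy for a broad group such as domain users shadows narrower group policies placed below it. Policy, group and profile names are constructed, and treating AD group membership as part of the match criteria is an assumption of the model.

```python
# Simplified model of first-match policy evaluation; NOT FortiOS code.
# All policy, group and profile names are constructed sample data.
from typing import NamedTuple, Optional


class Policy(NamedTuple):
    name: str
    groups: frozenset   # AD groups accepted as source users (assumed match criterion)
    webfilter: str      # web filter profile applied when the policy matches


def first_match(policies, user_groups) -> Optional[Policy]:
    """Walk the list top-down and return the first policy matching the user's groups."""
    for p in policies:
        if p.groups & user_groups:
            return p
    return None  # nothing matched: traffic reaches the implicit deny


def shadowed(policies, directory):
    """Policies whose members exist but always hit an earlier policy first."""
    out = []
    for p in policies:
        members = [g for g in directory.values() if p.groups & g]
        if members and all(first_match(policies, g) != p for g in members):
            out.append(p.name)
    return out


# Constructed directory: every account is also in "Domain Users".
DIRECTORY = {
    "alice": frozenset({"Domain Users", "IT-Admins"}),
    "bob": frozenset({"Domain Users", "Students"}),
    "carol": frozenset({"Domain Users"}),
}
ALL_USERS = Policy("all-users", frozenset({"Domain Users"}), "strict")
IT_ADMINS = Policy("it-admins", frozenset({"IT-Admins"}), "relaxed")
STUDENTS = Policy("students", frozenset({"Students"}), "student-filter")

BROAD_FIRST = [ALL_USERS, IT_ADMINS, STUDENTS]      # catch-all group on top
SPECIFIC_FIRST = [IT_ADMINS, STUDENTS, ALL_USERS]   # catch-all group last

if __name__ == "__main__":
    for label, order in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(label, "-> shadowed:", shadowed(order, DIRECTORY))
        for user, groups in DIRECTORY.items():
            print("  ", user, "gets", first_match(order, groups).webfilter)
```

With the catch-all group on top, every user receives the same profile and the narrower policies never match; ordering the specific groups first gives each group its own profile, with the broad group as the fallback.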