Hi,
Q: we can have multiple filtering policies applied at a time because one of these is domain users they would overlap?
Ans: Firewall policies work in top-down order. If the first policy matches the source, destination, services, etc., then it will not check any other policies.
I am not sure how you are going to configure the AD authentication, but the best method is SSO (Single Sign-On).
https://docs.fortinet.com/uploaded/files/1675/providing-Single-Sign-On-for-Windows-AD-with-a-FortiGate.pdf
Single Sign-On using LDAP and FSSO agent in advanced mode (Expert) - Fortinet Cookbook
------------------------------
Deepak Kumar
[CompanyName]
[City]
------------------------------
Original Message:
Sent: 12-01-2017 06:26
From: Paul Woods
Subject: Fortigate 300D with 5.4.5 - how do you assign AD groups to security/Web filtering policies?
Hello,
We are configuring our first Fortigate 300D with FortiOS 5.4.5.
We need to know how to assign MS AD groups - we have connected AD to the firewall - to security/Web filtering policies, so we can have multiple filtering policies applied at a time because one of these is domain users they would overlap?
Thanks in anticipation of your help or pointing me in the right direction for documentation,
Paul
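
The top-down, first-match behaviour described in the reply, as an added example that is not part of the original thread and is not FortiGate code: a simplified model in which policies differ only by AD group, showing how a policy for a catch-all group such as Domain Users placed first makes the narrower group policies unreachable. All policy, group, user and profile names are constructed.

```python
# Added illustration: simplified model of top-down, first-match policy evaluation.
# Policy, group, user and web-filter profile names are constructed assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    groups: frozenset   # AD groups that can match this policy
    webfilter: str      # profile applied when the policy matches


def first_match(policies, user_groups):
    """Return the first policy (top to bottom) sharing a group with the user."""
    for p in policies:
        if p.groups & user_groups:
            return p
    return None         # nothing matched: traffic falls to the implicit deny


def shadowed(policies, directory):
    """Names of policies that no user in `directory` can ever reach."""
    matches = (first_match(policies, groups) for groups in directory.values())
    hit = {m.name for m in matches if m is not None}
    return [p.name for p in policies if p.name not in hit]


# Constructed directory: every account is also a member of "Domain Users".
DIRECTORY = {
    "alice": frozenset({"Domain Users", "IT-Admins"}),
    "bob": frozenset({"Domain Users", "Teachers"}),
    "carol": frozenset({"Domain Users"}),
}
BROAD = Policy("all-staff", frozenset({"Domain Users"}), "strict")
ADMIN = Policy("it-admins", frozenset({"IT-Admins"}), "relaxed")
TEACH = Policy("teachers", frozenset({"Teachers"}), "moderate")

BROAD_FIRST = [BROAD, ADMIN, TEACH]      # catch-all group on top
SPECIFIC_FIRST = [ADMIN, TEACH, BROAD]   # narrow groups on top

if __name__ == "__main__":
    for label, order in (("broad first", BROAD_FIRST),
                         ("specific first", SPECIFIC_FIRST)):
        print(label)
        for user, groups in DIRECTORY.items():
            print(f"  {user}: {first_match(order, groups).webfilter}")
        print("  unreachable:", shadowed(order, DIRECTORY))
```
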