How to use AD Groups directly in Firewall Policies on Fortinet Firewall on FortiOS 7.0

The lab set out to achieve the following:

  • Have two AD user groups in the on-premises AD: one to allow and one to deny users access to browse the website.
  • Have the Fortinet FSSO Agent installed on the on-premises AD to sync users and groups from the on-premises AD to the Fortigate firewall, so I can create firewall policies that refer directly to AD objects.
  • Use the created Allow and Deny policies respectively to allow or deny traffic based on AD user group membership.
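The three goals above could look like this in the FortiOS CLI. This is an added sketch, not configuration taken from the lab: the collector agent address, password placeholder, group DNs, object names and interface names are all assumed values.

```fortios
# Constructed lab values throughout; replace with your own.

# 1. Point the FortiGate at the FSSO Collector Agent on the AD server.
config user fsso
    edit "LAB-FSSO"
        set server "192.0.2.10"
        set password <collector-agent-password>
    next
end

# 2. Wrap each AD group learned over FSSO in an fsso-service user group.
config user group
    edit "FSSO-Web-Allow"
        set group-type fsso-service
        set member "CN=WEB-ALLOW,OU=GROUPS,DC=LAB,DC=EXAMPLE"
    next
    edit "FSSO-Web-Deny"
        set group-type fsso-service
        set member "CN=WEB-DENY,OU=GROUPS,DC=LAB,DC=EXAMPLE"
    next
end

# 3. Policies match top-down. Deny is created first so that a user who
#    ends up in both groups is blocked rather than allowed.
config firewall policy
    edit 0
        set name "Web-Deny-AD"
        set srcintf "port2"
        set dstintf "port1"
        set action deny
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "HTTP" "HTTPS"
        set groups "FSSO-Web-Deny"
        set logtraffic all
    next
    edit 0
        set name "Web-Allow-AD"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "HTTP" "HTTPS"
        set groups "FSSO-Web-Allow"
        set nat enable
    next
end
```

A source with no FSSO logon record matches neither policy and falls through to whatever follows, ending at the implicit deny. `diagnose debug authd fsso list` shows which logons the FortiGate currently knows about.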

On a Linux host, specify the username as domain\username and use the password for the account to log in.

The Fortigate OS 7.0 administration guide explains the same:
