How to use AD Groups directly in Firewall Policies on a Fortinet Firewall running FortiOS 7.0

The lab was set up to achieve the following:

  • Have two AD user groups in the on-premises AD – one to allow and one to deny users access to browse the website bbc.com.
  • Have the Fortinet FSSO Agent installed in the on-premises AD to sync users and groups from the on-premises AD to the FortiGate firewall, so that firewall policies can be created that refer directly to AD objects.
  • Use the created Allow and Deny policies respectively to allow or deny traffic to bbc.com based on AD user group membership.

On a Linux host, log in with the username in the form domain\username and the password of that AD account.
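The FortiOS CLI configuration below is an added example for the lab described above; it is not from the original post or from Fortinet's documentation. It shows the pieces the three bullets call for: an FSSO agent connector, two FSSO-backed user groups, an FQDN address object for bbc.com, and a deny policy placed above an allow policy so that membership in the deny group wins. The server IP, interface names, policy IDs and group DNs are constructed placeholders (marked as such) and must be replaced with the values from your own environment.

```text
# --- Connector to the FSSO Collector Agent installed on the AD server ---
# 10.0.0.10 is a constructed placeholder for the AD/FSSO agent host.
config user fsso
    edit "FSSO_AD_Lab"
        set server "10.0.0.10"
        set password "<fsso-agent-password>"
    next
end

# --- FSSO user groups mapped to the two AD groups ---
# The member values are constructed example DNs; use the group names
# exactly as the FSSO agent presents them to the FortiGate.
config user group
    edit "AD_BBC_Allow"
        set group-type fsso-service
        set member "CN=BBC-Allow,OU=Groups,DC=lab,DC=local"
    next
    edit "AD_BBC_Deny"
        set group-type fsso-service
        set member "CN=BBC-Deny,OU=Groups,DC=lab,DC=local"
    next
end

# --- FQDN address object so the policy matches bbc.com by name ---
config firewall address
    edit "bbc.com"
        set type fqdn
        set fqdn "bbc.com"
    next
end

# --- Policies: the deny policy is created first so it sits above the allow ---
# "internal" and "wan1" are constructed placeholder interface names.
config firewall policy
    edit 10
        set name "Deny-bbc.com-AD-Deny-Group"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "bbc.com"
        set action deny
        set schedule "always"
        set service "HTTP" "HTTPS"
        set groups "AD_BBC_Deny"
        set logtraffic all
    next
    edit 11
        set name "Allow-bbc.com-AD-Allow-Group"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "bbc.com"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set groups "AD_BBC_Allow"
        set nat enable
        set logtraffic all
    next
end
```

Two points worth checking after applying this: FortiGate evaluates policies top-down, so confirm in the policy list that the deny policy is above the allow policy (a user in both AD groups is then denied); and `set logtraffic all` on both policies is what lets you verify in the forward-traffic log which AD group matched for a given source IP, which is also the quickest way to spot a host whose FSSO logon was never recorded and therefore hits neither policy.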

The FortiOS 7.0 administration guide describes the same procedure:

https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/795593/use-active-directory-objects-directly-in-policies
