Fortigate - block sites with AD connection

Posted on 2014-11-06
Last Modified: 2014-11-18
Hi Experts,

I have a FORTIGATE 200B firewall cluster running.
The webfilter is active for all with a policy.
Whenever I have a person who needs special access to several sites, which are normally blocked, I have to create a new policy, reserve the IP of the user and bind this to the new policy.

Is it not possible to connect the FORTIGATE to my AD and use the AD user to allow or block a site?
Question by: Eprs_Admin

Expert Comment

ID: 40426077
Use the LDAP or FSAE feature in FortiGate to attain the goal.

Author Comment

ID: 40426096
Do you have a manual to set up LDAP?

Accepted Solution

Jinujoz earned 500 total points
ID: 40426104

Author Comment

ID: 40426146
Is it possible with this configuration to create a policy, based on an AD user group, to block Facebook and exclude some users from this rule?
What do I need? LDAP or FSAE?

I don't know what to configure in my case ....

Author Comment

ID: 40434694
Can you explain how to use LDAP with the FORTIGATE?
I have read your link and LDAP is configured.
But how do I create a policy to block sites and exclude some users from it?

Author Comment

ID: 40434706
What I don't understand: in my FORTIGATE they speak about FSSO, and in the manual about FSAE and LDAP.

Author Comment

ID: 40434799
When I activate the Enable Identity Based Policy, then all internet access is gone.
Can you help me configure it properly?

Author Comment

ID: 40449209
I need help to set this up in the FortiGate.
What do I need to allow a user a blocked site?

Author Comment

ID: 40450057
OK, I got it.
Thanks for your help, which was not very satisfying :-(
