I want to use FSSO with my Fortigate and I want to use webfilters for my departments.
All is setup and working.
But something is really strange and I get a lot of emails from FORIGATE about AD AUTHENTICATION FAILED.
I Have one Webfilter, it blocks just one site the rest is open.
But why I get this errors ?
Message meets Alert condition
date=2015-05-06 time=13:44:16 devname=FORTI device_id=FGxx log_id=0106043013 type=event subtype=auth pri=notice vd="root" src=10.2.1.94 dst=18.104.22.168 proto=6 policyid=70 user="N/A" adgroup="N/A" ui="(10.2.1.94)" action=FSSO-auth status=failure reason="none" msg="AD group user failed in authentication"
The responding security group has all my admins as members.
And when I login to the server with my admin, the internet is reachable and the blocked site is correct.
When all sites are allowed, why I get so much alerts from FORTIGATE ?