FW policy based on AD Group
I'd like to configure a FW policy that is based on a users that belong to particular AD Group.
I Installed FSSO Agent to poll our domain DC and on Fortigate FW (ver 6.4.7) I configured the Endpoint/Identity to connect to FSSO Agent.
I also configured LDAP server to be able to gather the Groups Names from our LDAP Server.
In "User & Authentication" Menu I created a goup which is based on "Fortinet Single Sign-On (FSSO)" and I selected one of the AD group fetched from FSSO.
At the END I simply added the Group to a rule in the source
It looks like that the policy doesn't recognize my user to be part of the Group selected.
Is there something else I have to enable to be able to use AD Group on policy ?
Where the user to Group membership is done at FW level (Is a Table somewhere) ?
How can I debug why the user is not part of the group defined in the FW ?