Getting AD authentication going on a Fortigate is a slightly finicky but well-documented process, and once you get it working it works well. If it’s something you battle with, leave a comment and I’ll do a HowTo.
That said, I recently had an issue with a Fortigate unit that absolutely insisted on putting all FSSO users in the FSSO_guest_users group, which meant none of my policies using authentication were working. This is what the Fortigate saw my logged-on users as:
The fix in the end was fairly simple. It turns out that on the Fortigate I had the groups configured in Advanced mode, like so: CN=Internet Access,OU=Security Groups,OU=Head Office,DC=corp,DC=root.
Once the change was made I refreshed the FSSO groups on the Fortigate via the “execute fsso refresh” command and all was well again.
For those of you keeping notes, the Fortigate was running FortiOS v5 Patch 6 and the FSSO agent was v4.0 MR3 B0151.