The customer stores user information on the AD server and wants to control permissions based on security groups. On the AD server, each user's security group information is constantly updated.
1, The customer needs to create two import policies.
The first one imports security groups. With this configuration, the security group information on the firewall is refreshed.
The second one imports user and security group information. Do not select the synchronization options for it.
2, Configure the authentication policy.
3, Configure the domain.
First step: configure the authentication server.
Second step: import the security groups to the firewall.
Third step: configure the new user option.
4, Configure the security policy based on security groups.
When a user logs in, the user's group information includes the security group information.
1, The security group information of an online user is refreshed only when the user logs in.
2, Only security group information is imported; importing users into the firewall is not supported.