If no filter is defined for a FortiGate unit and there is no default filter, the Collector agent sends all Windows AD group and user logon events to the FortiGate unit. While this normally is not a problem, limiting the amount of data sent to the FortiGate unit improves performance by reducing the amount of memory the unit uses to store the group list and resulting logs. |
FortiGate SN | The serial number of the FortiGate unit to which this filter applies. |
Description | An optional description of the role of this FortiGate unit. |
Monitored Groups | The Windows AD user groups that are relevant to the security policies on this FortiGate unit. |
Add | Create a new filter. |
Edit | Modify the filter selected in the list. |
Remove | Remove the filter selected in the list. |
OK | Save the filter list and exit. |
Cancel | Cancel changes and exit. |
Default filter | Select to create the default filter. The default filter applies to any FortiGate unit that does not have a specific filter defined in the list. |
FortiGate Serial Number | Enter the serial number of the FortiGate unit to which this filter applies. This field is not available if Default is selected. |
Description | Enter a description of this FortiGate unit’s role in your network. For example, you could list the resources accessed through this unit. This field is not available if Default is selected. |
Monitor the following groups | The Collector agent sends to the FortiGate unit the user logon information for the Windows AD user groups in this list. Edit this list using the Add, Advanced and Remove buttons. |
Add | In the preceding single-line field, enter the Windows AD domain name and user group name, and then select Add. If you don’t know the exact name, use the Advanced button instead. The format of the entry depends on the AD access mode (see “Configuring Directory Access settings”): Standard: Domain\Group Advanced: cn=group, ou=corp, dc=domain |
Advanced | Select Advanced, select the user groups from the list, and then select Add. |
Remove | Remove the user groups selected in the monitor list. |