Firewall Policies with AD Groups
I'm running into a problem when creating firewall rules that apply to active directory groups. I went through the process of hooking up my domain to the firebox and was able to successfully test it with my user accounts. I also added the group I'm trying to target in the Users and Groups menu under Authentication. When I create the firewall policy, however, it doesn't work. It's a deny HTTPS packet filter policy that is from the AD group to a FQDN (*.amazon.com). Users in that group are still able to access the website. For testing purposes, I changed the policy to apply from any-trusted instead of the AD group and it worked as expected. This leads me to believe that the issue isn't with the policy configuration but rather with the link to the domain. Anyone have any ideas why this happening?