I am currently struggling with the Active Directory integrated Group Policy features and was hoping maybe you could provide me with some input.
The intention is to maintain a Group Policy for FTP users. The Active Directory integration is up and running and the Client-User mapping seems to work fine (according to the event logs).
Thus, the MX should be aware of which user is using which client. However, it does not seem that any of the specific group policy firewall rules are being applied on the machine that has a user associated, who is a member of the mapped Active Directory FTP security group.
Once I add the Active Directory PC object though, the rules start getting applied. One further disclaimer: the affected clients counter will stay at 0 constantly, no matter what - I assume it just simply doesn't work with AD mapped group policies?
Therefore my question - is it even possible to manage a custom firewall ruleset under group policy for an AD security group that only contains the user and not the machine object?
Yes, the Meraki is the default gateway in this case.
That was also my understanding, and the FTP Active Directory group that I am trying to map is a user group only (for testing purposes I tried to add the computer object there as well), but the goal clearly is to manage a group policy ruleset for an Active Directory user group only (FTP users). I hope this clarifies the situation.
I am pretty sure the Active Directory integration works fine as far as I understand, because when I click on the client machine I can see an Active Directory user:
Do I assume correctly that in this situation, the group policy's firewall rules should override the default L3 rules for any user in the Active Directory FTP group?
Concerning your comment about the AD auditing, I checked the domain controller's applied settings by running rsop: