• 0 Votes
    5 Posts
    1k Views
    hecsa

    @bmeeks said in Allow outgoing traffic based on Active Directory group:

    I would suggest setting up a pfSense instance in a virtual environment and experimenting with some of the options. Pretty easy to do in something like VMware or Proxmox (or even Hyper-V).

    Yes, this is exactly my plan. I installed a 2.7.0 pfSense, a 2012 R2 Domain Controller, and two W10 virtual machines in my lab, just to test everything before touching the production environment.
    Thanks, and best regards,
    HeCSa.

  • 0 Votes
    3 Posts
    1k Views

    @fly_tagart Hello,

    Could you explain your solution in a bit more detail?
    Because I am facing the same problem.

    That is, with LDAP I have no issues, everything works correctly. But as soon as I switch to LDAPS, nothing works.

    I have tried:

    Creating the certificate from pfSense (entirely)
    Creating a CA on the AD and importing it into pfSense

    Nothing works. Analysing the packets with Wireshark, I see "CA unknown".

    Thank you
    Have a good day

  • 0 Votes
    2 Posts
    703 Views
    KOM

    @jgq85 I think that will work, but it's always best to have Windows do your DNS and DHCP if your clients are using AD. Just use pfSense as a routing firewall and VPN remote site. Are you looking to move the existing building DC somewhere else? Otherwise I don't know why you wouldn't just connect the new building to the old one and have the clients use the same old DC they always did, with the least amount of disruption.