FortiGate uses an application called the FSSO Agent, which is Fortinet’s single sign-on application for its FortiGate firewall. The FSSO Agent sits on an AD domain controller and is used to synchronise AD groups and user information back to the FortiGate firewall.
I have found that after updating group filters in FortiGate’s FSSO Agent, AD groups aren’t refreshed in the web interface of the FortiGate firewall. To fix this I tried searching for an update or refresh option under User -> User Group on the device, but this didn’t work. After some time, I still couldn’t update my AD group information… until I found this command:
execute fsso refresh
This can be run in the FortiGate command line / console, which can also be found as a widget on the web interface dashboard (System -> Status). This command immediately refreshed the list of AD groups that I had updated in the FortiGate FSSO Agent.