MORAMADAN
Explorer III
October 14, 2025
Question

Fortigate 7.4 series rule source match logic

  • October 14, 2025
  • 1 reply
  • 1430 views

Hello Team, 

   I wanted to know: if I have configured my FortiGate firewall with source user accounts user1, user2 and user3, IP addresses addr1 and addr2, and MAC addresses mac addr1, mac addr2 and mac addr3,

how will the firewall process the source match logic across the source objects and types mentioned above (user accounts, IP addresses, and MAC addresses)?

TIA

1 reply

distillednetwork
Explorer II
October 14, 2025

If you have a user defined in the policy, it is based on how you have auth-on-demand set.


config user setting
    set auth-on-demand <always|implicitly>
end

By default, it will skip the policy and only come back to it if nothing else matches.  Here is a Tech Tip on it:
MORAMADAN (Author)
Explorer III
October 14, 2025

Thank you @distillednetwork for the reply and link.

I wanted to know, assuming users are authenticated and all the objects mentioned are in the source field, how FortiOS thinks about source matching,

i.e., the AND/OR logic among them when matching.

distillednetwork
Explorer II
October 16, 2025

It will be User AND IP OR MAC. 

The User list is an entire OR list, and the IP/MAC address objects will also be an OR list.
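To make the stated logic concrete, here is a small model of the source match as the reply describes it (User AND (IP OR MAC), with OR inside each list) run over the scenario from the question. This is an added example, not FortiOS code or anything from Fortinet: the policy names, addresses, MAC values and flows are constructed, the IP/MAC objects are modelled as one OR list, and the auth-on-demand fallback for unauthenticated sessions, interface, destination, service and schedule matching are deliberately left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set

# Constructed example data: the policies, users, addresses and flows below are
# made up for the illustration and are not taken from a real FortiGate config.


@dataclass(frozen=True)
class Policy:
    """Source-side fields of one firewall policy (simplified model)."""
    name: str
    users: Set[str]        # 'users' entries: an OR list
    srcaddrs: List[str]    # IP 'srcaddr' objects as CIDR strings: an OR list
    srcmacs: Set[str]      # MAC address objects in 'srcaddr': part of the same OR list


@dataclass(frozen=True)
class Flow:
    """What the firewall knows about a new session's source."""
    user: Optional[str]    # None when the session carries no authenticated user
    src_ip: str
    src_mac: str


def user_matches(policy: Policy, flow: Flow) -> bool:
    """OR across the user list. A policy with no users imposes no user condition.
    An unauthenticated flow never satisfies a user condition here (the
    auth-on-demand behaviour from the earlier reply is not modelled)."""
    if not policy.users:
        return True
    return flow.user is not None and flow.user in policy.users


def address_matches(policy: Policy, flow: Flow) -> bool:
    """OR across every IP object and every MAC object: a single hit is enough."""
    ip = ip_address(flow.src_ip)
    if any(ip in ip_network(cidr, strict=False) for cidr in policy.srcaddrs):
        return True
    return flow.src_mac.lower() in {m.lower() for m in policy.srcmacs}


def source_matches(policy: Policy, flow: Flow) -> bool:
    """User AND (IP OR MAC), as stated in the reply."""
    return user_matches(policy, flow) and address_matches(policy, flow)


def first_matching_policy(policies: List[Policy], flow: Flow) -> Optional[str]:
    """Policies are evaluated top-down; the first policy whose source matches wins."""
    for policy in policies:
        if source_matches(policy, flow):
            return policy.name
    return None


# The scenario from the question, with constructed values for the objects.
POLICY = Policy(
    name="users-to-servers",
    users={"user1", "user2", "user3"},
    srcaddrs=["10.10.1.0/24", "10.10.2.50/32"],  # ip addr1, ip addr2
    srcmacs={"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"},
)
# A catch-all at the bottom so fall-through is visible.
DENY_ALL = Policy(name="implicit-deny", users=set(), srcaddrs=["0.0.0.0/0"], srcmacs=set())
POLICIES = [POLICY, DENY_ALL]

if __name__ == "__main__":
    samples = [
        Flow("user2", "10.10.1.7", "aa:aa:aa:aa:aa:aa"),   # user hit + IP hit
        Flow("user3", "192.0.2.9", "00:11:22:33:44:03"),   # user hit + MAC hit
        Flow("user9", "10.10.1.7", "00:11:22:33:44:01"),   # user not in list
        Flow(None, "10.10.1.7", "00:11:22:33:44:01"),      # not authenticated
        Flow("user1", "192.0.2.9", "aa:aa:aa:aa:aa:aa"),   # neither IP nor MAC
    ]
    for flow in samples:
        print(flow, "->", first_matching_policy(POLICIES, flow))
```

The third and fourth flows are the ones worth noticing: an IP or MAC hit on its own is not enough once a user list is present, so an unknown or unauthenticated source drops through to the next policy even though its address objects match.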