Skip to main content
eeie9999
eeie9999
New Member
September 25, 2019
Question

Schedule Group match both One-Time and Recurring

  • September 25, 2019
  • 1 reply
  • 2686 views

Hi everyone,

I hope policy accept between 9/21 to 9/25 and AM08:00 to PM:17:00.

I had try group  One-Time day to 09/25 and Recurring 08:00~17:00,but policy still accept at 18:00.

Seem like fortigate schedule group is "or" condition.

So we had set 1 policy to deny at 17:00 to 08:00 and another to accept between 9/21-9/25.

Is there any command to set schedule group as "and" condition or better way to set the time-range?

Thank you guys

    1 reply

    Dave_Hall
    Dave_Hall
    New Member
    September 25, 2019

    Keep in mind that firewall policy rules are acted upon in a top-to-down fashion and once it is triggered no firewall policies below it are executed/looked into.  (I believe the only exception to this is the authentication policies - someone correct me on this, though.)

     

    The one-time firewall policy "One-Time day to 09/25" should be placed above the daily "Recurring 08:00~17:00" firewall policy, [strike]unless you actually want the daily firewall policy to be executed regardless then place the one-time firewall policy below it[/strike].  Edit: scratch that - you'll likely need do some replication here.

     

     

    eeie9999
    eeie9999Author
    New Member
    October 1, 2019

    Hi Dave,

     Thanks for replay, but I'm asking limit daily range and recurring in one policy. Schedule group in ASA work well but fortigate not. So i'm asking is there any command to set Schedule group to match both.

    Terms & ConditionsAccessibility statement