More and more requirements are to restrict not only the source by the type of device or user, but also specify the destination type of device or user.
Access is the most important factor and as Goolge clearly demonstrated with their access concept it is critical to have multiple databases of information going through a single access layer that will enforce in much more detail than destination IPs.
Cisco has started down that path a few years back with ISE, after many years with ACS. Fortinet Auth and Fortigate must become one platform. Security Fabric is interesting but at the moment pure Marketing, the quality of the information and the enforcing engine are not up to the task. One big problem is that many customers refuse to upgrade their software for too many years and Fortinet is not taking advantage to use newer Management versions to intelligent to apply mechanisms in a way that simplifies the tasks to try and construct for different versions of the software a policy to match the intention.
