Because the guest group is still not authenticated, it will not match with the policy with the ID=15, the traffic will go out for the policy with the ID=16 (because it is not necessary to authenticate). The user is not going to be asked for authentication.
If passive authentication is used, the traffic with the users that belongs to the Guest-group will match the policy with the ID=15 even if the policy with ID=16 does not have authentication enabled because the user is already authenticated.
Related Articles
Wireless client load balancing
Technical Note: How FortiGate can block Duolingo in different ways. Blocks web application.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.