Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
RBA
Staff
Staff

Created on ‎09-19-2024 10:26 AM Edited on ‎05-18-2025 10:47 PM By Staff

Article Id 342525

Technical Tip: How to exempt endpoint from FortiSASE auto-connect when endpoint is on-net using Public IP

Description This article describes how to exempt an endpoint from FortiSASE auto-connect based on an On-Fabric detection rule based on the Public IP.
Scope FortiSASE.
Solution

Endpoints that are behind these public IPs should have a standard level of on-premise security and therefore may not need to automatically connect to FortiSASE for security inspection.

 

Go to Configuration -> Endpoints -> Profiles, select On-net rule sets, and select Create and configure the On-net rule.

 

create new rule set on-fabric.png

 


Add the Public IP of the user. The IP added in the screenshot is just for illustration.


Navigate to the endpoint profile and enable 'Exempt endpoint from FortiSASE auto-connect when endpoint is on-net'. Select the On-net rule set that is configured with the Public IP.

 

Exempt endpoint from FortiSASE.png
862
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.