Help
FortiSASE
FortiSASE delivers both a consistent security posture and an optimal user experience for users working from anywhere. Secure your hybrid workforce by closing security gaps, plus simplify operations.
sjoshi
Staff
Staff

Created on ‎08-09-2024 01:06 AM

Article Id 331806

Technical Tip: How to setup On-Fabric Detection Rule Based on Public IP

Description

 

This article describes the key concept of the On-Fabric Detection Rule based on Public IP.

 

Scope

 

FortiSASE.

 

Solution

 

Go to Configuration -> Endpoints -> Profiles.
Select ON-fabric rule sets.

 

Picture1.png

 

 

Then 'Create New' and configure the On-Fabric detection rule.

 

Picture2.png

 

Set the Public IP of the user.
The public IP of the user can also be verified from Dashboard -> Managed Endpoints.

Now again go to the Endpoint profile and enable 'Bypass FortiSASE when endpoint is on-net' and select the On-Fabric detection Rule configured.

 

 

Picture3.png

 


So once the user is on On-Prem then the endpoints behind the Public IP Mention in the On-Fabric detection Rule will not get auto-connected to the SASE VPN.

259
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.