We have AD FSSO with fortinet-200E and groups are retrieved from Active Directory. I am an admin with some roles assigned to my account in AD, and based on that Fortinet selects the policy and then the web filter and app filter. I have to test some app filter and created a policy for my IP only, trying to avoid the AD rules, but so far I can't. So, is it possible to create a policy with web and app filters so that it will not read what is assigned in AD roles?
In this case, you might need to add a rule that includes only your IP address. It is possible to create this by following these steps:
- Create an Address object using your IP Address (e.g. 192.168.1.1/32).
- Create a policy using said object as source only without selecting any user or user group.
- In the firewall policy view, make sure you select the "By sequence" view and place the new policy on top.
If this doesn't work, go to Dashboard > FortiView Sessions, add a "Source IP" filter using your IP, end all the sessions and try again. It is important to clear the sessions so they can match the new policy created.
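The same procedure expressed as FortiOS CLI, as an added example that is not part of the original answer. The object and policy names, the interface names, the profile names and the policy IDs in angle brackets are placeholders to replace with your own values.

```fortios
# 1. Address object for the single test host (example IP from the answer)
config firewall address
    edit "admin-test-host"
        set subnet 192.168.1.1 255.255.255.255
    next
end

# 2. Policy matching on source address only. No "set groups" or
#    "set users" line, so FSSO group membership is not part of the match.
config firewall policy
    edit 0
        set name "admin-appfilter-test"
        set srcintf "<lan-interface>"
        set dstintf "<wan-interface>"
        set srcaddr "admin-test-host"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set application-list "<test-app-profile>"
        set webfilter-profile "<test-webfilter-profile>"
        set nat enable
    next
end

# 3. Policies are evaluated top-down, first match wins, so move the new
#    policy above the FSSO group policies.
config firewall policy
    move <new-policy-id> before <first-fsso-policy-id>
end

# 4. Clear only this host's existing sessions so new traffic is
#    re-evaluated against the reordered policy list. Set the filter
#    first: "session clear" with no filter clears every session.
diagnose sys session filter clear
diagnose sys session filter src 192.168.1.1
diagnose sys session clear
diagnose sys session filter clear
```

Because this policy exempts one IP from the identity-based rules, anyone who obtains that address gets the test profiles too, so remove or disable it once testing is finished.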