Detecting a Device and Policy

Kevin · ‎09-30-2014

Can' t seem to formulate the following policy as I get stumped by an un-editable implicit Deny. (FortiOS 5.0.9) I want a policy that does this. If you are a MAC/IPad, apply this AV/webfiltering policy. If you are anything else, continue down the policy chain. Help? K

TuncayBAS · ‎09-30-2014

set identify device settings in local interface. and policy type need to device identify policy

Tuncay BAS
RZK Muhendislik Turkey
FCA,FCP,FCF,FCSS

Kevin · ‎09-30-2014

I' ve tried that, but there is an implicit deny at the end of policy that looks to block everything that isn' t a MAC/IPad. I am unable to edit that implicit deny, not do I want to create an ALLOW ALL as it would bypass my Policy chain.

Christopher_McMullan · ‎09-30-2014

I' m not sure what you mean... You don' t want an implicit deny, but you don' t want an allow all action. Do you want a fall-through, so that the policy is ONLY matched if the device is an iPad or Mac? If that' s the case, upgrade to 5.2. User/device matching will be done at the same time as Layer-4 matching, meaning a match will only happen when the source/destination interfaces and ports, and schedule also align with a device type. If not, the FortiGate will continue consulting down the list.

Regards, Chris McMullan Fortinet Ottawa

TuncayBAS · ‎09-30-2014

Step :1

Step2:

Step3:

Step4:

Step5:

Tuncay BAS
RZK Muhendislik Turkey
FCA,FCP,FCF,FCSS

Detecting a Device and Policy

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website