edit 271
    set srcintf "any"
    set dstintf "zn-RED-PROJECTS"
    set srcaddr "grp-RFC1918"
    set dstaddr "net-10.166.40.0/24"
    set action accept
    set comments "project maui"
    set identity-based enable
    config identity-based-policy
        edit 1
            set schedule "always"
            set utm-status enable
            set groups "ldap-prj-maui"
            set service "ANY"
            set av-profile "av-standard"
            set ips-sensor "ips-standard-srv"
            set profile-protocol-options "po-standard"
        next
    end
next

After:
edit 271
    set srcintf "any"
    set dstintf "zn-RED-PROJECTS"
    set srcaddr "grp-RFC1918"
    set action accept
    set comments "project maui"
    set identity-based enable
    config identity-based-policy
        edit 1
            set schedule "always"
            set utm-status enable
            set groups "ldap-prj-maui"
            set dstaddr "net-10.166.40.0/24"
            set service "ALL"
            set av-profile "av-standard"
            set ips-sensor "ips-standard-srv"
            set profile-protocol-options "po-standard"
            set deep-inspection-options "po-standard"
        next
    end
next
ID-based firewall policy will not use destination addresses; this is the behavior in FortiOS v4.0 MR3.

Workaround: the sequence of the firewall policies below the identity-based policy needs to be re-arranged. If any of the firewall policies below the identity-based policy has the same source as the identity-based policy, those policies will not be hit. You would need to move those firewall policies above the identity-based policy.

This sort of presumes you have only one ID-based policy. That is not the case in my environment, and so the workaround does not actually function.
edit 271
    set srcintf "any"
    set dstintf "zn-RED-PROJECTS"
    set srcaddr "grp-RFC1918"
    set action accept
    set identity-based enable
    config identity-based-policy
        edit 1
            set schedule "always"
            set utm-status enable
            set groups "ldap-prj-maui"
            set dstaddr "net-10.166.40.0/24"
            set service "ALL"
            set av-profile "av-standard"
            set ips-sensor "ips-standard-srv"
            set profile-protocol-options "po-standard"
            set deep-inspection-options "po-standard"
        next
        edit 2
            set schedule "always"
            set utm-status enable
            set groups "ldap-prj-x"
            set dstaddr "net-10.166.41.0/24"
            set service "ALL"
            set av-profile "av-standard"
            set ips-sensor "ips-standard-srv"
            set profile-protocol-options "po-standard"
            set deep-inspection-options "po-standard"
        next
    end
next
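The shadowing that the support response describes, and the reason a reorder cannot fix it once there is more than one identity-based policy, is easier to see in a small model of the top-down, first-match policy lookup. The script below is an added illustration written for this thread; it is not FortiOS code and not the poster's configuration. It takes the behaviour as stated above at face value: a plain policy must match interfaces, source and destination, while an identity-based policy is selected on interfaces and source only, its per-group dstaddr being ignored at lookup time. Assumptions not in the thread: grp-RFC1918 is taken to be the three RFC 1918 blocks, and the hypothetical policies 272 (a plain, unauthenticated policy to a made-up net-10.166.42.0/24) and 273 (ldap-prj-x kept as a separate identity-based policy instead of being merged into 271 as in the last config above) are invented for the comparison.

```python
"""
Model of the FortiOS 4.0 MR3 policy-lookup behaviour described in the thread.
Added illustration only, not FortiOS code: the policy table is walked top-down
and the first match wins. A plain policy must match srcintf, dstintf, srcaddr
and dstaddr; an identity-based policy is selected on srcintf, dstintf and
srcaddr alone, because (per the support response) its per-group dstaddr is not
used during lookup. Authentication and the post-auth sub-policy are not modelled.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Address objects from the post. grp-RFC1918 is assumed to be the three RFC 1918
# blocks; net-10.166.42.0/24 and policies 272/273 are hypothetical additions.
GRP_RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NET_40 = [ip_network("10.166.40.0/24")]
NET_41 = [ip_network("10.166.41.0/24")]
NET_42 = [ip_network("10.166.42.0/24")]


@dataclass
class Policy:
    id: int
    srcintf: str
    dstintf: str
    srcaddr: list
    dstaddr: list = field(default_factory=list)   # consulted only for plain policies
    groups: dict = field(default_factory=dict)    # identity sub-policies: group -> dstaddr list

    @property
    def identity_based(self):
        return bool(self.groups)


def _in(nets, addr):
    return any(addr in n for n in nets)


def _intf_ok(policy, srcintf, dstintf):
    return policy.srcintf in ("any", srcintf) and policy.dstintf in ("any", dstintf)


def lookup(policies, srcintf, dstintf, src, dst):
    """Id of the first policy that catches the flow (None if nothing matches)."""
    src, dst = ip_address(src), ip_address(dst)
    for p in policies:
        if not _intf_ok(p, srcintf, dstintf) or not _in(p.srcaddr, src):
            continue
        if p.identity_based:
            return p.id            # MR3: sub-policy dstaddr is not checked at lookup
        if _in(p.dstaddr, dst):
            return p.id
    return None


def _covers(q, p):
    """True when identity policy q absorbs every flow that policy p could match."""
    return (q.srcintf in ("any", p.srcintf) and q.dstintf in ("any", p.dstintf)
            and all(any(n.subnet_of(m) for m in q.srcaddr) for n in p.srcaddr))


def shadowed(policies):
    """Ids of policies that can never be hit because an identity-based policy above
    them covers their interfaces and source networks (the ones the workaround moves up)."""
    return [p.id for i, p in enumerate(policies)
            if any(q.identity_based and _covers(q, p) for q in policies[:i])]


# Policy 271 as posted (dstaddr inside the identity sub-policy) plus the two
# hypothetical policies described in the lead-in.
P271 = Policy(271, "any", "zn-RED-PROJECTS", GRP_RFC1918, groups={"ldap-prj-maui": NET_40})
P272 = Policy(272, "any", "zn-RED-PROJECTS", GRP_RFC1918, dstaddr=NET_42)
P273 = Policy(273, "any", "zn-RED-PROJECTS", GRP_RFC1918, groups={"ldap-prj-x": NET_41})

# Constructed flows from an RFC 1918 client into each project network.
FLOW40 = ("port1", "zn-RED-PROJECTS", "10.1.1.1", "10.166.40.5")
FLOW41 = ("port1", "zn-RED-PROJECTS", "10.1.1.1", "10.166.41.5")
FLOW42 = ("port1", "zn-RED-PROJECTS", "10.1.1.1", "10.166.42.5")


def demo():
    return {
        # plain policy below the identity policy: .42 traffic is swallowed by 271
        "plain_below_identity": lookup([P271, P272], *FLOW42),
        # support's workaround: plain policy moved above; .40 traffic still reaches 271
        "workaround_plain_first": (lookup([P272, P271], *FLOW42), lookup([P272, P271], *FLOW40)),
        # two separate identity policies: whichever is first takes both projects' traffic
        "two_identity_maui_first": lookup([P271, P273], *FLOW41),
        "two_identity_x_first": lookup([P273, P271], *FLOW40),
        # policies that can never be hit, before and after the reorder
        "never_hit": (shadowed([P271, P272, P273]), shadowed([P272, P273, P271])),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the plain policy 272 placed above 271 the workaround does what support says: .42 traffic hits 272 and .40 traffic still falls through to 271. With two identity-based policies the order only decides which project's users are wrongly challenged by the other project's policy, and `shadowed()` reports one of them as unreachable in either order, which is the situation the poster describes and the reason both groups end up as sub-policies of a single policy 271 in the last config.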
Copyright 2024 Fortinet, Inc. All Rights Reserved.