Is there a way to apply policies on a per-device, per-user basis?
- Users of group VIP can access everything from iPad, but only HTTP from Android.
- All other users are bound to per-device rules (e.g., Android and iPad can only access HTTP).
Unfortunately, if I set an Identity or Device Policy, it catches all the traffic to the internet and does not continue with the next rules, even if no match is available on the Identity/Device Policy internal rules.
Device policies have to go last, as there is no way to skip them afaik. You can use the Identity Based policy on top and enable "Skip this policy for unauthenticated user"; this way, unauthenticated users will go to the per-device policy.
As a side note, combining user and device policies does not work in all situations. You might have to choose one or the other or find a clever way to implement both.
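The ordering described in this thread can be checked with a small model before touching the firewall. This is an added example, not FortiOS code or configuration and not part of the original posts. All names are hypothetical, and it assumes the identity policy's internal rules match on user group only and that `None` stands for an unauthenticated user.

```python
# Simplified model of the policy ordering discussed in this thread.
# All names are hypothetical; this is not FortiOS code or configuration.

IMPLICIT_DENY = "deny (no fall-through)"

def identity_policy(rules, skip_unauthenticated):
    """Identity-based policy: internal rules match on user group (assumption)."""
    def evaluate(user_group, device, service):
        if user_group is None and skip_unauthenticated:
            return None  # skipped: evaluation continues with the next policy
        for group, services in rules:
            if group == user_group and (services == "ALL" or service in services):
                return f"accept (identity:{group})"
        return IMPLICIT_DENY  # policy caught the traffic, no internal rule matched
    return evaluate

def device_policy(rules):
    """Device policy: internal rules match on device type; it cannot be skipped."""
    def evaluate(user_group, device, service):
        for dev, services in rules:
            if dev == device and service in services:
                return f"accept (device:{dev})"
        return IMPLICIT_DENY
    return evaluate

def decide(policies, user_group, device, service):
    """Top-down evaluation: the first policy that does not skip gives the verdict."""
    for policy in policies:
        verdict = policy(user_group, device, service)
        if verdict is not None:
            return verdict
    return IMPLICIT_DENY

# Constructed rule set following the thread: identity policy on top, device policy last.
POLICIES = [
    identity_policy([("VIP", "ALL")], skip_unauthenticated=True),
    device_policy([("android", {"HTTP"}), ("ipad", {"HTTP"})]),
]

if __name__ == "__main__":
    for case in [(None, "android", "HTTP"), (None, "android", "HTTPS"),
                 ("VIP", "ipad", "HTTPS"), ("VIP", "android", "HTTPS"),
                 ("staff", "android", "HTTP")]:
        print(case, "->", decide(POLICIES, *case))
```

In this model a VIP on Android is still allowed HTTPS, and an authenticated non-VIP user never reaches the device policy, which are the two cases to test on the real device when combining both policy types.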