Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sims
New Contributor III

active and passive auth policy

 

Why "all and guest group" in the source , What if we give "guest group  " only 

Thanks

1 Solution
lobstercreed
Valued Contributor

Completely different objects.  "all" is an address object, Guest-group is a user object, and they use AND logic.  If source is <address> AND user is <user/group>, then match this.  Without a source address object there would be no traffic to match.  You of course don't have to use "all" but you must use some address object that catches the traffic you're after.

View solution in original post

1 REPLY 1
lobstercreed
Valued Contributor

Completely different objects.  "all" is an address object, Guest-group is a user object, and they use AND logic.  If source is <address> AND user is <user/group>, then match this.  Without a source address object there would be no traffic to match.  You of course don't have to use "all" but you must use some address object that catches the traffic you're after.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors