two or more policy for one connection is it possible
Hi, we have ssl vpn users group connecting to the office remotely so they are using policy allowing from wan to lan . is it possible to apply that group to another policy then after they passed 1st policy on the same firewall? So 1st policy then 2nd policy like that
First, SSL VPN's interface is ssl.root, which is not considered as wan. Because any hacker's attempt to break into wouldn't hit that particular interface. And, you must have policy ssl.root->lan.
Second, you can stack up multiple policies for ssl.root->lan. If traffic from SSL VPN users doesn't match the first policy, then it looks down to the next policy if it matches, and so on and on. This rule is universally applied to all policies for any interface sets.
My goal at this case not to use " if not this > then check/use this policy " logic, but " if this policy passed then use this policy" logic. Is it possible? Will it work this way if I will have policy one after another ? For example ssl vpn user connected and received some internal subnet ip -> then second policy for that subnet to send them to specific interface/remote site ?
Generally you configure in a portal setting what subnets to be sent to the client for the split-tunnel, although you can do it via a policy. Each policy is bound to the destination and once it matches, it would exit from the policy checking.
"Each policy is bound to the destination and once it matches, it would exit from the policy checking." Do u mean ssl_vpn_users traffic will be checked by policy only 1 time and will not be checked for 2nd matching policy ?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.