Similar to the above, I was interested in the applications of blocking
all images. I attempted the following, but it did not work. Any idea
why? F-SBID( --name "HTTP.Image.High_Custom"; --protocol tcp; --app_cat
5; --service HTTP; --flow from_server;...
This may provide an answer to your question. There is an implicit
fall-through to rules without authentication. Read the links to know
more. In the second link, there appears to be a way in the CLI to change
that behavior. My use case for cascading f...
Mostly adding these notes for others that may come across this question.
These two Technical Notes/Tips provide information on fall through
behavior for unauthenticated users.
https://community.fortinet.com/t5/FortiGate/Technical-Note-Implicit-fall-t...
I have been looking into the same thing. Even used "cascade" in my
search terms. Have you tried setting the NGFW mode under Settings to
"Policy-based"? I can't say for certain it will solve your issue, but it
approaches firewall rules in a different ...
