Table of Contents
Advertisement
the PC policy, not the Internet access only
policy, select the Seq.# column and drag the
policy to the top of the list.
The device identity list will now appear at the
top of the list. After the list is refreshed, this
policy will be assigned Seq.# 1.
With this new order set, the FortiGate unit
will attempt to apply the policy for the PC to
all traffic from the LAN interface. If the traffic
comes from a different source, the FortiGate
will attempt to apply the Internet access only
policy. If this attempt also fails, traffic will be
blocked using the default deny policy.
When ordering multiple security policies, the
most specific policies (in this case, the policy
for the PC) must go to the top of the list, to
ensure that the FortiGate unit checks them
first when determining which policy to apply.
Results
Browse the Internet using the PC and
another network device, then refresh the
policy list. You can now see Sessions
occuring for both policies.
Ordering security policies to allow different access levels
73
Advertisement
Table of Contents
