Hi everyone,
I hope policy accept between 9/21 to 9/25 and AM08:00 to PM:17:00.
I had try group One-Time day to 09/25 and Recurring 08:00~17:00,but policy still accept at 18:00.
Seem like fortigate schedule group is "or" condition.
So we had set 1 policy to deny at 17:00 to 08:00 and another to accept between 9/21-9/25.
Is there any command to set schedule group as "and" condition or better way to set the time-range?
Thank you guys
Keep in mind that firewall policy rules are acted upon in a top-to-down fashion and once it is triggered no firewall policies below it are executed/looked into. (I believe the only exception to this is the authentication policies - someone correct me on this, though.)
The one-time firewall policy "One-Time day to 09/25" should be placed above the daily "Recurring 08:00~17:00" firewall policy, [strike]unless you actually want the daily firewall policy to be executed regardless then place the one-time firewall policy below it[/strike]. Edit: scratch that - you'll likely need do some replication here.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Hi Dave,
Thanks for replay, but I'm asking limit daily range and recurring in one policy. Schedule group in ASA work well but fortigate not. So i'm asking is there any command to set Schedule group to match both.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.