How to set up on-fabric detection rule based on local subnets

This article outlines the key concepts of an on-fabric detection rule based on the Local IP and GW MAC address.

Scope

FortiSASE.

Solution

Step 1: Go to Configuration > Endpoints > Profiles.

Step 2: Select On-Fabric rule sets.

Step 3: Select Create New and configure the On-Fabric detection rule.

Step 4: Set the Local IP of the user and the user GW MAC address.

Step 5: Go to the user machine, open a CMD prompt, and enter ipconfig to get the user IP address, and arp -a to get the GW MAC address.

Step 6: Now, return to the profile and enable 'Bypass FortiSASE when endpoint is on-net', then select the On-Fabric detection Rule configured.

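
The values collected in Step 5 can also be extracted from saved ipconfig and arp -a output, which avoids reading the gateway MAC from the wrong interface table on machines with several adapters. The Python below is an added example, not part of the original article or of any Fortinet tooling. It assumes English-locale output with the IPv4 gateway on the same line as its label; the function name on_fabric_values and the sample output are constructed for illustration, and the subnet is derived from the adapter's mask.

```python
import ipaddress
import re

# Constructed sample output of `ipconfig` and `arp -a` (not from a real host).
IPCONFIG_SAMPLE = """\
Ethernet adapter vEthernet (Default Switch):

   IPv4 Address. . . . . . . . . . . : 172.29.64.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   IPv4 Address. . . . . . . . . . . : 192.168.10.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
"""
ARP_SAMPLE = """\
Interface: 172.29.64.1 --- 0x2f
  Internet Address      Physical Address      Type
  172.29.79.255         ff-ff-ff-ff-ff-ff     static

Interface: 192.168.10.25 --- 0xb
  Internet Address      Physical Address      Type
  192.168.10.1          02-00-5e-10-00-01     dynamic
  192.168.10.10         02-00-5e-10-00-0a     dynamic
"""
IPV4 = r"[ .]*: *(\d+\.\d+\.\d+\.\d+)"
MAC = r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})"

def on_fabric_values(ipconfig_out, arp_out):
    """Local IP, subnet, gateway IP and gateway MAC for the adapter that has
    an IPv4 default gateway; None when no adapter has one."""
    # Each adapter section starts with an unindented "... adapter NAME:" line.
    for block in re.split(r"(?m)^(?=\S.*adapter .*:\s*$)", ipconfig_out):
        ip, mask, gw = (re.search(name + IPV4, block) for name in
                        ("IPv4 Address", "Subnet Mask", "Default Gateway"))
        if not (ip and mask and gw):
            continue  # virtual or disconnected adapter: no gateway to match on
        ip, mask, gw = ip.group(1), mask.group(1), gw.group(1)
        subnet = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        # arp -a prints one table per interface; read only this adapter's table.
        table = re.search(r"(?ms)^Interface: " + re.escape(ip) +
                          r" ---.*?(?=^Interface:|\Z)", arp_out)
        entry = table and re.search(r"(?m)^\s*" + re.escape(gw) + r"\s+" + MAC,
                                    table.group(0))
        return {"local_ip": ip, "subnet": str(subnet), "gateway_ip": gw,
                "gateway_mac": entry.group(1).lower() if entry else None}
    return None

if __name__ == "__main__":
    print(on_fabric_values(IPCONFIG_SAMPLE, ARP_SAMPLE))
```

A gateway_mac of None means the gateway has no entry in that interface's ARP table yet, so the MAC cannot be read until the endpoint has exchanged traffic with the gateway.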