Limited access for unauthenticated users
When configuring User Identity policies, if you select the option Skip this policy for unauthenticated user the policy will only apply to users who have already authenticated with the FortiGate unit. This feature is intended for networks with two kinds of users:
• Single sign-on users who have authenticated when their devices connected to their network
• Other users who do not authenticate with the network so are “unauthenticated”
Sessions from authenticated users can match this policy and sessions from unauthenticated users will skip this policy and potentially be matched with policies further down the policy list. Typically, you would arrange a policy with Skip this policy for unauthenticated user at the top of a policy list.
You can also use the following CLI command to enable skipping policies for unauthenticated users:
config firewall policy
edit <id>
set identity-based enable
set fall-through-unauthenticated enable
next