kongou-ae/FortiGate FW policy (.conf)

## FortiGate FW policy (.conf)
config firewall policy
    edit 13
        set srcintf "VLAN-200"
        set dstintf "wan1"
            set srcaddr "192.168.200.0/24"
            set dstaddr "all"
        set action accept
        set utm-status enable
        set identity-based enable
        set nat enable
            config identity-based-policy
                edit 1
                    set schedule "always"
                    set logtraffic enable
                    set utm-status enable
                        set groups "FSSO_Guest_Users"
                        set service "ANY"
                    set av-profile "default"
                    set profile-protocol-options "default"
                next
                edit 2
                    set schedule "always"
                    set logtraffic enable
                        set groups "ssllocal_group"
                        set service "ANY"
                next
            end
    next
    edit 14
        set srcintf "VLAN-2"
        set dstintf "wan1"
            set srcaddr "192.168.2.0/24" "192.168.1.0/24"
            set dstaddr "all"
        set action accept
        set schedule "always"
            set service "ANY"
        set utm-status enable
        set logtraffic enable
        set profile-protocol-options "default"
        set nat enable
    next
end
	config firewall policy
	edit 13
	set srcintf "VLAN-200"
	set dstintf "wan1"
	set srcaddr "192.168.200.0/24"
	set dstaddr "all"
	set action accept
	set utm-status enable
	set identity-based enable
	set nat enable
	config identity-based-policy
	edit 1
	set schedule "always"
	set logtraffic enable
	set utm-status enable
	set groups "FSSO_Guest_Users"
	set service "ANY"
	set av-profile "default"
	set profile-protocol-options "default"
	next
	edit 2
	set schedule "always"
	set logtraffic enable
	set groups "ssllocal_group"
	set service "ANY"
	next
	end
	next
	edit 14
	set srcintf "VLAN-2"
	set dstintf "wan1"
	set srcaddr "192.168.2.0/24" "192.168.1.0/24"
	set dstaddr "all"
	set action accept
	set schedule "always"
	set service "ANY"
	set utm-status enable
	set logtraffic enable
	set profile-protocol-options "default"
	set nat enable
	next
	end