Policies
You must associate any traffic going through FortiSASE with a policy. Policies control where the traffic goes, how FortiSASE processes it, and whether or not FortiSASE allows it to pass through.
When a session is initiated through the VPN tunnel, FortiSASE analyzes the connection and performs a VPN policy match. FortiSASE performs the match from top down and compares the session with the configured VPN policy parameters. When there is a match and the action is Accept, FortiSASE applies the enabled security components to the traffic. If the action is Deny, FortiSASE blocks the traffic from proceeding.