Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.4.4
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config user nac-policy

    config user nac-policy

    Configure NAC policy matching pattern to identify matching NAC devices.

    config user nac-policy

    Description: Configure NAC policy matching pattern to identify matching NAC devices.

    edit <name>

    set description {string}

    set category [device|firewall-user|...]

    set status [enable|disable]

    set mac {mac-address}

    set hw-vendor {string}

    set type {string}

    set family {string}

    set os {string}

    set hw-version {string}

    set sw-version {string}

    set host {string}

    set user {string}

    set src {string}

    set user-group {string}

    set ems-tag {string}

    set switch-fortilink {string}

    set switch-scope <switch-id1>, <switch-id2>, ...

    set switch-auto-auth [global|disable|...]

    set switch-port-policy {string}

    set switch-mac-policy {string}

    next

    end

    config user nac-policy

    Parameter name

    Description

    Type

    Size

    description

    Description for the NAC policy matching pattern.

    string

    Maximum length: 63

    category

    Category of NAC policy.

    option

    -

    Option

    Description

    device

    Device category.

    firewall-user

    Firewall user category.

    ems-tag

    EMS Tag category.

    status

    Enable/disable NAC policy.

    option

    -

    Option

    Description

    enable

    Enable NAC policy.

    disable

    Disable NAC policy.

    mac

    NAC policy matching MAC address.

    mac-address

    Not Specified

    hw-vendor

    NAC policy matching hardware vendor.

    string

    Maximum length: 15

    type

    NAC policy matching type.

    string

    Maximum length: 15

    family

    NAC policy matching family.

    string

    Maximum length: 31

    os

    NAC policy matching operating system.

    string

    Maximum length: 31

    hw-version

    NAC policy matching hardware version.

    string

    Maximum length: 15

    sw-version

    NAC policy matching software version.

    string

    Maximum length: 15

    host

    NAC policy matching host.

    string

    Maximum length: 64

    user

    NAC policy matching user.

    string

    Maximum length: 64

    src

    NAC policy matching source.

    string

    Maximum length: 15

    user-group

    NAC policy matching user group.

    string

    Maximum length: 35

    ems-tag

    NAC policy matching EMS tag.

    string

    Maximum length: 79

    switch-fortilink

    FortiLink interface for which this NAC policy belongs to.

    string

    Maximum length: 15

    switch-scope `<switch-id>`

    List of managed FortiSwitches on which NAC policy can be applied.<br>Managed FortiSwitch name from available options.

    string

    Maximum length: 79

    switch-auto-auth

    NAC device auto authorization when discovered and nac-policy matched.

    option

    -

    Option

    Description

    global

    Follows global auto-auth configuration under nac-settings.

    disable

    Disable NAC device auto authorization.

    enable

    Enable NAC device auto authorization.

    switch-port-policy

    switch-port-policy to be applied on the matched NAC policy.

    string

    Maximum length: 63

    switch-mac-policy

    switch-mac-policy to be applied on the matched NAC policy.

    string

    Maximum length: 63
    Previous
    Next

    config user nac-policy

    config user nac-policy

    Configure NAC policy matching pattern to identify matching NAC devices.

    config user nac-policy

    Description: Configure NAC policy matching pattern to identify matching NAC devices.

    edit <name>

    set description {string}

    set category [device|firewall-user|...]

    set status [enable|disable]

    set mac {mac-address}

    set hw-vendor {string}

    set type {string}

    set family {string}

    set os {string}

    set hw-version {string}

    set sw-version {string}

    set host {string}

    set user {string}

    set src {string}

    set user-group {string}

    set ems-tag {string}

    set switch-fortilink {string}

    set switch-scope <switch-id1>, <switch-id2>, ...

    set switch-auto-auth [global|disable|...]

    set switch-port-policy {string}

    set switch-mac-policy {string}

    next

    end

    config user nac-policy

    Parameter name

    Description

    Type

    Size

    description

    Description for the NAC policy matching pattern.

    string

    Maximum length: 63

    category

    Category of NAC policy.

    option

    -

    Option

    Description

    device

    Device category.

    firewall-user

    Firewall user category.

    ems-tag

    EMS Tag category.

    status

    Enable/disable NAC policy.

    option

    -

    Option

    Description

    enable

    Enable NAC policy.

    disable

    Disable NAC policy.

    mac

    NAC policy matching MAC address.

    mac-address

    Not Specified

    hw-vendor

    NAC policy matching hardware vendor.

    string

    Maximum length: 15

    type

    NAC policy matching type.

    string

    Maximum length: 15

    family

    NAC policy matching family.

    string

    Maximum length: 31

    os

    NAC policy matching operating system.

    string

    Maximum length: 31

    hw-version

    NAC policy matching hardware version.

    string

    Maximum length: 15

    sw-version

    NAC policy matching software version.

    string

    Maximum length: 15

    host

    NAC policy matching host.

    string

    Maximum length: 64

    user

    NAC policy matching user.

    string

    Maximum length: 64

    src

    NAC policy matching source.

    string

    Maximum length: 15

    user-group

    NAC policy matching user group.

    string

    Maximum length: 35

    ems-tag

    NAC policy matching EMS tag.

    string

    Maximum length: 79

    switch-fortilink

    FortiLink interface for which this NAC policy belongs to.

    string

    Maximum length: 15

    switch-scope `<switch-id>`

    List of managed FortiSwitches on which NAC policy can be applied.<br>Managed FortiSwitch name from available options.

    string

    Maximum length: 79

    switch-auto-auth

    NAC device auto authorization when discovered and nac-policy matched.

    option

    -

    Option

    Description

    global

    Follows global auto-auth configuration under nac-settings.

    disable

    Disable NAC device auto authorization.

    enable

    Enable NAC device auto authorization.

    switch-port-policy

    switch-port-policy to be applied on the matched NAC policy.

    string

    Maximum length: 63

    switch-mac-policy

    switch-mac-policy to be applied on the matched NAC policy.

    string

    Maximum length: 63
    Previous
    Next