Default policy
There are several ways you can apply Isolator profile and Web Filter profile settings to end users. Isolator profiles and Web Filter profiles can be applied to the guest account, individual local user accounts, and/or local user groups.
Applying default policy and profile settings
The FortiIsolator provides Default Policy to local users and guest that do not have assigned groups with selected policy. Default Policy is a way to apply a certain Isolator profile, Web Filter profile, and/or ICAP profile to local individual users or guest.
To apply profiles to default policy from GUI:
- Go to Policies and Profiles > Default Policy and select the desired Guest Type:
guest disable A user has to log in with user account.
guest enable A user can log in with either user account or as a guest.
guest only A user has to log in as a guest.
With guest only, the login page will not show. Users can browse sites directly without being prompted to log in.
- Select the Isolator profile, Web Filter profile, and/or ICAP Filter profile to be used in the policy. Also set Max Session Per User, Max Session Per IP, and Auth Cookie Lifetime to be used in the default policy.
Default Isolator Profile Name
Select an Isolator profile for Default Policy.
Default WebFilter Profile Name
Select a Web Filter profile for Default Policy.
Default ICAP Profile Name
Select an ICAP profile for Default Policy.
Max Session Per User
Maximum number of sessions (tabs) allowed for requests from a same local user
Max Session Per IP
Maximum number of sessions (tabs) allowed for requests from a unique IP address
Auth Cookie Lifetime
Number of hours after which the authorization cookie expires and the user needs to re-login. Enter an integer within the range of 1-240.
This setting does not take effect when the user is in guest mode.
- Click OK to finish.
To apply profiles to default policy from CLI:
> set guest-type 0|1|2
(disabled = 0, enabled = 1, guest-only = 2)
For example:
> set guest-type 0
> show guest-type
guest type : Disabled
> set guest-type 1
> show guest-type
guest type : Enabled
> set guest-type 2
> show guest-type
guest type : Guest Only
> set default-policy <isolator-profile-name> <webfilter-profile-name> <icap-profile-name> <guest-type> <max-session-per-user> <max-session-per-ip> <auth-cookie-lifetime>
e.g.
> set default-policy system_default webfilter_profile ICAP_profile 1 50 30 96
<isolator-profile-name >
|
Isolator profile name |
||||||
<webfilter-profile-name >
|
Web Filter profile name |
||||||
<icap-profile-name >
|
ICAP profile name |
||||||
<guest-type>
|
Login mode of the user:
|
||||||
<max-session-per-user>
|
Maximum number of sessions (tabs) allowed for requests from a same local user |
||||||
<max-session-per-ip>
|
Maximum number of sessions (tabs) allowed for requests from a unique IP address |
||||||
<auth-cookie-lifetime>
|
Number of hours after which the authorization cookie expires and the user needs to re-login. This parameter accepts integers within the range of 1-240.
|
To display the default policy profile from CLI:
> show default-policy
Default Policy:
Guest Type : 1
Isolator Profile : system_default
WebFilter Profile : webfilter_profile
ICAP Profile : ICAP_profile
Max Session Per User : 50
Max Session Per IP : 30
Auth Cookie Lifetime : 96
Applying profile settings to local user account
To apply profile settings to local user account:
- From the administration portal, go to Policies and Profiles > Policies and make sure the policy you want to apply exists. If not, create a new policy with the desired profiles.
- Go to Users > User Definition. Select the user you wish to apply the profile settings to and click Edit.
- From the Policy Name drop-down menu, select the policy you wish to apply to the local user.
- Click OK to finish.
Applying profile settings to user groups
To apply profile settings to user groups:
- From the administration portal, go to Policies and Profiles > Policies and make sure the policy you want to apply exists. If not, create a new policy with the desired profiles.
- Go to Users > User Groups. Select the user group you wish to apply the profile settings and click Edit.
- From the Policy Name drop-down menu, select the policy you wish to apply to the user group.
- Click OK to finish.