Administration Guide

Creating FortiSwitch security policies

To create a FortiSwitch security policy:
  1. Go to FortiSwitch Manager > FortiSwitch Templates.
  2. In the tree menu, select Security Policies.
  3. In the content pane, click Create New in the toolbar. The Create New Security Policies window opens.

  4. Enter the following information, then click OK to create the new security policy.

    Name

    Type a name for the template.

    Security mode

    Select the security mode, Port-based or MAC-based.

    User groups

    Select the user groups that the security policy will apply to.

    Guest VLAN

    Enable a guest VLAN, and select the VLAN from the available VLAN objects. See Creating FortiSwitch VLANs.

    Guest authentication delay

    Set the guest authentication delay, in seconds (1 - 900, default = 30).

    Authentication fail VLAN

    Enable an authentication failure VLAN, and select the VLAN from the available VLAN objects. See Creating FortiSwitch VLANs.

    This option is not available when Security mode is MAC-based.

    MAC authentication bypass

    Enable MAC Authentication Bypass (MAB).

    EAP pass-through

    Enable EAP pass-through.

    Override RADIUS timeout

    Enable overriding the RADIUS timeout.
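When policy definitions are reviewed or kept in version control before being entered in the window above, the constraints listed in step 4 can be checked ahead of time. The following is an added example, not Fortinet code or a FortiManager API: the `SecurityPolicy` fields, the `validate` function, and the sample VLAN names are hypothetical, and treating an empty name as an error is an assumption.

```python
# Added example: pre-flight check of a planned FortiSwitch security policy.
# Field names are hypothetical; they mirror the GUI labels, not any API.
from dataclasses import dataclass, field
from typing import List, Optional, Set

MODES = ("port-based", "mac-based")

@dataclass
class SecurityPolicy:
    name: str
    security_mode: str = "port-based"
    user_groups: List[str] = field(default_factory=list)
    guest_vlan: Optional[str] = None        # VLAN object name; None = disabled
    guest_auth_delay: int = 30              # seconds, GUI default
    auth_fail_vlan: Optional[str] = None    # VLAN object name; None = disabled
    mac_auth_bypass: bool = False
    eap_passthrough: bool = False
    override_radius_timeout: bool = False

def validate(policy: SecurityPolicy, known_vlans: Set[str]) -> List[str]:
    """Return a list of problems; an empty list means the values are consistent."""
    errors = []
    if not policy.name.strip():
        errors.append("name is empty")  # assumption: a name is required
    if policy.security_mode not in MODES:
        errors.append(f"security mode must be one of {MODES}")
    if not 1 <= policy.guest_auth_delay <= 900:
        errors.append("guest authentication delay must be 1 - 900 seconds")
    # An enabled VLAN option must point at an existing VLAN object.
    for label, vlan in (("guest VLAN", policy.guest_vlan),
                        ("authentication fail VLAN", policy.auth_fail_vlan)):
        if vlan is not None and vlan not in known_vlans:
            errors.append(f"{label} '{vlan}' is not an available VLAN object")
    # The GUI does not offer an authentication fail VLAN in MAC-based mode.
    if policy.security_mode == "mac-based" and policy.auth_fail_vlan is not None:
        errors.append("authentication fail VLAN is not available in MAC-based mode")
    return errors

if __name__ == "__main__":
    vlans = {"guest", "quarantine"}  # constructed sample VLAN objects
    planned = SecurityPolicy(name="mab-printers", security_mode="mac-based",
                             mac_auth_bypass=True, auth_fail_vlan="quarantine")
    for problem in validate(planned, vlans):
        print("REJECT:", problem)
```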
