Administration Guide

7.4.0

Create or edit a policy

  1. Select Policy & Objects.
  2. Select Portal Policy.
  3. Click Create New or select an existing policy and click Edit.
  4. Fill out the fields in accordance with the following settings:

    Field: Definition

    Name: Each profile must have a unique name.

    Notes: User-specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC.

    Configuration: Select a portal configuration from the drop-down menu. If the portal configuration you need is not shown, you must go to the portal content editor and create it before adding the Portal Policy. See Multiple portals.

    User/Host profile: Select a user/host profile from the drop-down menu. If the user/host profile you need is not shown, you can create a new one by leaving the drop-down selection at "Create New" and populating the Conditions fields as desired. Likewise, a user/host profile can be copied from an existing entry by selecting it in the drop-down and changing the toggle in the Conditions section from "Use Existing" to "Clone", and then making desired edits to the fields. An existing user/host profile can also be edited from this view by clicking the pencil icon next to the entry in the drop-down. See User/host profiles.

    Creating a new UHP

    Note: The user can also create a new UHP in this view by leaving the default selection at "Create New" and populating the Conditions fields below. Likewise, a UHP can be copied from an existing UHP by selecting it in the list, changing the toggle from "Use Existing" to "Clone", and making edits to the Conditions fields as desired. An existing UHP can also be edited from this view by clicking the pencil icon in the drop-down next to the item to be edited.

    Conditions

    Use Existing: Directly uses the selected user/host profile as is (not editable).

    Clone: Copies the user/host profile configuration into its own profile, allowing the user to edit the settings. A name must be specified to uniquely identify the cloned UHP.

    Who/What

    Attributes: A host or user must meet all parameters within a single filter, but is only required to match one filter in the list. The attribute must be known at the time of connection. See Filter example.

    RADIUS Attributes: Used to match against endpoints pre- and post-authentication.

    Groups:

    • Any — Matches any group.

    • Any Of — Matches any of the listed groups. Does not have to match everything, but has to match at least one group that has been selected.

    • All Of — Has to match every group that has been selected.

    • None Of — Has to match no group that has been selected.

    Where: Location on the network where the host is connected. This field lists groups of ports, SSIDs or devices. Hosts are checked to determine whether they have connected to the network via one of the selected devices, ports or SSIDs. The host must connect on one of the items contained within one of the selected groups to match this profile. When set to Any, this field is a match for all hosts or users.

    When: If the host is on the network during the specified time frame, it matches this profile. Time options include Always or a specific set of days of the week and times of the day.

    Right click options

    Show Audit Log: Opens the admin auditing log showing all changes made to the selected item. For information about the admin auditing log, see Audit Logs.

    Note: You must have permission to view the admin auditing log. See Add an administrator profile.

    Buttons

    Disable: Shuts off the policy. Settings defined in a disabled policy are not in effect.

  5. Click OK to save your Policy.
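The matching rules described in the Conditions fields can be checked offline before a profile is relied on for portal selection. The following Python model is an added example, not FortiNAC code: it implements the Attributes rule (all parameters within one filter, any one filter in the list), the four Groups modes, and the Where and When checks. The dictionary layout, attribute names and sample values are constructed for illustration, and combining the condition categories with a logical AND is an assumption.

```python
from datetime import datetime, time

def groups_match(mode, selected, member_of):
    """Groups condition: Any / Any Of / All Of / None Of."""
    selected, member_of = set(selected), set(member_of)
    if mode == "Any":
        return True
    if mode == "Any Of":
        return bool(selected & member_of)
    if mode == "All Of":
        return selected <= member_of
    if mode == "None Of":
        return selected.isdisjoint(member_of)
    raise ValueError(f"unknown group mode: {mode}")

def attributes_match(filters, known):
    """AND inside a filter, OR across filters; unknown attributes never match."""
    if not filters:  # assumption: an empty filter list restricts nothing
        return True
    return any(all(k in known and known[k] == v for k, v in f.items())
               for f in filters)

def where_matches(where, location_groups):
    """'Any' matches all hosts, else the connection point must be in a selected group."""
    return where == "Any" or not set(where).isdisjoint(location_groups)

def when_matches(when, now):
    """'Always', or (weekdays with Monday=0, start, end) checked against `now`."""
    if when == "Always":
        return True
    days, start, end = when
    return now.weekday() in days and start <= now.time() < end

def profile_matches(profile, host, now):
    """Assumption: every condition category must hold (logical AND)."""
    return (attributes_match(profile["filters"], host["attrs"])
            and groups_match(*profile["groups"], host["groups"])
            and where_matches(profile["where"], host["location_groups"])
            and when_matches(profile["when"], now))

# Constructed sample data: names and values are illustrative only.
PROFILE = {
    "filters": [{"role": "Guest"}, {"os": "Windows", "persistent_agent": True}],
    "groups": ("None Of", ["Quarantined Hosts"]),
    "where": ["Lobby SSIDs"],
    "when": ({0, 1, 2, 3, 4}, time(8, 0), time(18, 0)),
}
HOST = {"attrs": {"os": "Windows", "persistent_agent": True},
        "groups": ["Registered Hosts"], "location_groups": ["Lobby SSIDs"]}
```

A host whose attribute is not yet known at connection time fails every filter that names it, so a profile built only on such attributes will not select the intended portal until the attribute is populated.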
