Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.2.a
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home 26.2.a Administration Guide

    Security profile groups

    Security profile groups

    You can create security profile groups, which allow you to group different security profile settings together. You can then configure the profile group as part of a policy.

    This topic covers the following use cases:

    Security profile groups for VPN users

    To create a security profile group and configure it in a VPN policy:

    1. Go to Security > Security Profile. By default, the Internet Access tab is selected in the top right corner. (If you have configured secure private access, you can select between the Internet Access or Private Access tabs to select which traffic the security profile group applies to.)

    2. From the Profile Group dropdown list in the top right corner, click +.

    3. In the Name field, enter the desired name.

    4. Select Feature Set, “Flow-based” used for flow type Profile, “Proxy-based” used for proxy type Profile.

    5. In the Initial Configuration field, do one of the following:

      1. Select Default to configure the new group with the same settings as the default security profile group.

      2. Select Based On to configure the new group with the same settings as an existing non-default security profile group. From the dropdown list, select the desired group.

    6. Click OK.

    7. Configure the profile group in a VPN policy:

      1. Go to Security > Policies.

      2. Select your desired policy.

      3. In the Profile Group field, select Specify. From the dropdown list, select the created object. The Profile Group field is only available for policies where the Action is configured as Accept.

      4. Click OK.

    Security profile groups for SWG users

    For SWG users, the process for configuring a security profile group and policy is similar to the process for configuring these settings for VPN users.

    The only difference is that these steps are required if SSO authentication is used for SWG users:

    • You must configure SSL inspection in Configure SSL ensuring that Deep Inspection is selected.

    • You will need to download the CA certificate and install it on endpoints.

    Previous
    Next

    Security profile groups

    Security profile groups

    You can create security profile groups, which allow you to group different security profile settings together. You can then configure the profile group as part of a policy.

    This topic covers the following use cases:

    Security profile groups for VPN users

    To create a security profile group and configure it in a VPN policy:

    1. Go to Security > Security Profile. By default, the Internet Access tab is selected in the top right corner. (If you have configured secure private access, you can select between the Internet Access or Private Access tabs to select which traffic the security profile group applies to.)

    2. From the Profile Group dropdown list in the top right corner, click +.

    3. In the Name field, enter the desired name.

    4. Select Feature Set, “Flow-based” used for flow type Profile, “Proxy-based” used for proxy type Profile.

    5. In the Initial Configuration field, do one of the following:

      1. Select Default to configure the new group with the same settings as the default security profile group.

      2. Select Based On to configure the new group with the same settings as an existing non-default security profile group. From the dropdown list, select the desired group.

    6. Click OK.

    7. Configure the profile group in a VPN policy:

      1. Go to Security > Policies.

      2. Select your desired policy.

      3. In the Profile Group field, select Specify. From the dropdown list, select the created object. The Profile Group field is only available for policies where the Action is configured as Accept.

      4. Click OK.

    Security profile groups for SWG users

    For SWG users, the process for configuring a security profile group and policy is similar to the process for configuring these settings for VPN users.

    The only difference is that these steps are required if SSO authentication is used for SWG users:

    • You must configure SSL inspection in Configure SSL ensuring that Deep Inspection is selected.

    • You will need to download the CA certificate and install it on endpoints.

    Previous
    Next