Fortinet black logo

CLI Reference

6.4.10
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.0.0
5.6.0
5.4.0
5.2.0
5.0.0

config user nac-policy

config user nac-policy

Configure NAC policy matching pattern to identify matching NAC devices.

config user nac-policy

Description: Configure NAC policy matching pattern to identify matching NAC devices.

edit <name>

set description {string}

set category [device|firewall-user|...]

set status [enable|disable]

set mac {string}

set hw-vendor {string}

set type {string}

set family {string}

set os {string}

set hw-version {string}

set sw-version {string}

set host {string}

set user {string}

set src {string}

set user-group {string}

set ems-tag {string}

set switch-fortilink {string}

set switch-scope <switch-id1>, <switch-id2>, ...

set switch-auto-auth [global|disable|...]

set switch-port-policy {string}

set switch-mac-policy {string}

next

end

config user nac-policy

Parameter

Description

Type

Size

Default

description

Description for the NAC policy matching pattern.

string

Not Specified

category

Category of NAC policy.

option

-

device

Option

Description

device

Device category.

firewall-user

Firewall user category.

ems-tag

EMS Tag category.

status

Enable/disable NAC policy.

option

-

enable

Option

Description

enable

Enable NAC policy.

disable

Disable NAC policy.

mac

NAC policy matching MAC address.

string

Not Specified

hw-vendor

NAC policy matching hardware vendor.

string

Not Specified

type

NAC policy matching type.

string

Not Specified

family

NAC policy matching family.

string

Not Specified

os

NAC policy matching operating system.

string

Not Specified

hw-version

NAC policy matching hardware version.

string

Not Specified

sw-version

NAC policy matching software version.

string

Not Specified

host

NAC policy matching host.

string

Not Specified

user

NAC policy matching user.

string

Not Specified

src

NAC policy matching source.

string

Not Specified

user-group

NAC policy matching user group.

string

Not Specified

ems-tag

NAC policy matching EMS tag.

string

Not Specified

switch-fortilink

FortiLink interface for which this NAC policy belongs to.

string

Not Specified

switch-scope <switch-id>

List of managed FortiSwitches on which NAC policy can be applied.

Managed FortiSwitch name from available options.

string

Maximum length: 79

switch-auto-auth

NAC device auto authorization when discovered and nac-policy matched.

option

-

global

Option

Description

global

Follows global auto-auth configuration under nac-settings.

disable

Disable NAC device auto authorization.

enable

Enable NAC device auto authorization.

switch-port-policy

switch-port-policy to be applied on the matched NAC policy.

string

Not Specified

switch-mac-policy

switch-mac-policy to be applied on the matched NAC policy.

string

Not Specified

Previous
Next

config user nac-policy

Configure NAC policy matching pattern to identify matching NAC devices.

config user nac-policy

Description: Configure NAC policy matching pattern to identify matching NAC devices.

edit <name>

set description {string}

set category [device|firewall-user|...]

set status [enable|disable]

set mac {string}

set hw-vendor {string}

set type {string}

set family {string}

set os {string}

set hw-version {string}

set sw-version {string}

set host {string}

set user {string}

set src {string}

set user-group {string}

set ems-tag {string}

set switch-fortilink {string}

set switch-scope <switch-id1>, <switch-id2>, ...

set switch-auto-auth [global|disable|...]

set switch-port-policy {string}

set switch-mac-policy {string}

next

end

config user nac-policy

Parameter

Description

Type

Size

Default

description

Description for the NAC policy matching pattern.

string

Not Specified

category

Category of NAC policy.

option

-

device

Option

Description

device

Device category.

firewall-user

Firewall user category.

ems-tag

EMS Tag category.

status

Enable/disable NAC policy.

option

-

enable

Option

Description

enable

Enable NAC policy.

disable

Disable NAC policy.

mac

NAC policy matching MAC address.

string

Not Specified

hw-vendor

NAC policy matching hardware vendor.

string

Not Specified

type

NAC policy matching type.

string

Not Specified

family

NAC policy matching family.

string

Not Specified

os

NAC policy matching operating system.

string

Not Specified

hw-version

NAC policy matching hardware version.

string

Not Specified

sw-version

NAC policy matching software version.

string

Not Specified

host

NAC policy matching host.

string

Not Specified

user

NAC policy matching user.

string

Not Specified

src

NAC policy matching source.

string

Not Specified

user-group

NAC policy matching user group.

string

Not Specified

ems-tag

NAC policy matching EMS tag.

string

Not Specified

switch-fortilink

FortiLink interface for which this NAC policy belongs to.

string

Not Specified

switch-scope <switch-id>

List of managed FortiSwitches on which NAC policy can be applied.

Managed FortiSwitch name from available options.

string

Maximum length: 79

switch-auto-auth

NAC device auto authorization when discovered and nac-policy matched.

option

-

global

Option

Description

global

Follows global auto-auth configuration under nac-settings.

disable

Disable NAC device auto authorization.

enable

Enable NAC device auto authorization.

switch-port-policy

switch-port-policy to be applied on the matched NAC policy.

string

Not Specified

switch-mac-policy

switch-mac-policy to be applied on the matched NAC policy.

string

Not Specified

Previous
Next