Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    6.4.11
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config user nac-policy

    config user nac-policy

    Configure NAC policy matching pattern to identify matching NAC devices.

    config user nac-policy
    Description: Configure NAC policy matching pattern to identify matching NAC devices.
    edit <name>
        set category [device|firewall-user|...]
        set description {string}
        set ems-tag {string}
        set family {string}
        set host {string}
        set hw-vendor {string}
        set hw-version {string}
        set mac {string}
        set name {string}
        set os {string}
        set src {string}
        set status [enable|disable]
        set sw-version {string}
        set switch-auto-auth [global|disable|...]
        set switch-fortilink {string}
        set switch-mac-policy {string}
        set switch-port-policy {string}
        set switch-scope <switch-id1>, <switch-id2>, ...
        set type {string}
        set user {string}
        set user-group {string}
    next
end

    config user nac-policy

    Parameter

    Description

    Type

    Size

    Default

    category

    Category of NAC policy.

    option

    -

    device

    Option

    Description

    device

    Device category.

    firewall-user

    Firewall user category.

    ems-tag

    EMS Tag category.

    description

    Description for the NAC policy matching pattern.

    string

    Not Specified

    ems-tag

    NAC policy matching EMS tag.

    string

    Not Specified

    family

    NAC policy matching family.

    string

    Not Specified

    host

    NAC policy matching host.

    string

    Not Specified

    hw-vendor

    NAC policy matching hardware vendor.

    string

    Not Specified

    hw-version

    NAC policy matching hardware version.

    string

    Not Specified

    mac

    NAC policy matching MAC address.

    string

    Not Specified

    name

    NAC policy name.

    string

    Not Specified

    os

    NAC policy matching operating system.

    string

    Not Specified

    src

    NAC policy matching source.

    string

    Not Specified

    status

    Enable/disable NAC policy.

    option

    -

    enable

    Option

    Description

    enable

    Enable NAC policy.

    disable

    Disable NAC policy.

    sw-version

    NAC policy matching software version.

    string

    Not Specified

    switch-auto-auth *

    NAC device auto authorization when discovered and nac-policy matched.

    option

    -

    global

    Option

    Description

    global

    Follows global auto-auth configuration under nac-settings.

    disable

    Disable NAC device auto authorization.

    enable

    Enable NAC device auto authorization.

    switch-fortilink *

    FortiLink interface for which this NAC policy belongs to.

    string

    Not Specified

    switch-mac-policy *

    switch-mac-policy to be applied on the matched NAC policy.

    string

    Not Specified

    switch-port-policy *

    switch-port-policy to be applied on the matched NAC policy.

    string

    Not Specified

    switch-scope <switch-id> *

    List of managed FortiSwitches on which NAC policy can be applied.

    Managed FortiSwitch name from available options.

    string

    Maximum length: 79

    type

    NAC policy matching type.

    string

    Not Specified

    user

    NAC policy matching user.

    string

    Not Specified

    user-group

    NAC policy matching user group.

    string

    Not Specified

    * This parameter may not exist in some models.

    Previous
    Next

    config user nac-policy

    config user nac-policy

    Configure NAC policy matching pattern to identify matching NAC devices.

    config user nac-policy
    Description: Configure NAC policy matching pattern to identify matching NAC devices.
    edit <name>
        set category [device|firewall-user|...]
        set description {string}
        set ems-tag {string}
        set family {string}
        set host {string}
        set hw-vendor {string}
        set hw-version {string}
        set mac {string}
        set name {string}
        set os {string}
        set src {string}
        set status [enable|disable]
        set sw-version {string}
        set switch-auto-auth [global|disable|...]
        set switch-fortilink {string}
        set switch-mac-policy {string}
        set switch-port-policy {string}
        set switch-scope <switch-id1>, <switch-id2>, ...
        set type {string}
        set user {string}
        set user-group {string}
    next
end

    config user nac-policy

    Parameter

    Description

    Type

    Size

    Default

    category

    Category of NAC policy.

    option

    -

    device

    Option

    Description

    device

    Device category.

    firewall-user

    Firewall user category.

    ems-tag

    EMS Tag category.

    description

    Description for the NAC policy matching pattern.

    string

    Not Specified

    ems-tag

    NAC policy matching EMS tag.

    string

    Not Specified

    family

    NAC policy matching family.

    string

    Not Specified

    host

    NAC policy matching host.

    string

    Not Specified

    hw-vendor

    NAC policy matching hardware vendor.

    string

    Not Specified

    hw-version

    NAC policy matching hardware version.

    string

    Not Specified

    mac

    NAC policy matching MAC address.

    string

    Not Specified

    name

    NAC policy name.

    string

    Not Specified

    os

    NAC policy matching operating system.

    string

    Not Specified

    src

    NAC policy matching source.

    string

    Not Specified

    status

    Enable/disable NAC policy.

    option

    -

    enable

    Option

    Description

    enable

    Enable NAC policy.

    disable

    Disable NAC policy.

    sw-version

    NAC policy matching software version.

    string

    Not Specified

    switch-auto-auth *

    NAC device auto authorization when discovered and nac-policy matched.

    option

    -

    global

    Option

    Description

    global

    Follows global auto-auth configuration under nac-settings.

    disable

    Disable NAC device auto authorization.

    enable

    Enable NAC device auto authorization.

    switch-fortilink *

    FortiLink interface for which this NAC policy belongs to.

    string

    Not Specified

    switch-mac-policy *

    switch-mac-policy to be applied on the matched NAC policy.

    string

    Not Specified

    switch-port-policy *

    switch-port-policy to be applied on the matched NAC policy.

    string

    Not Specified

    switch-scope <switch-id> *

    List of managed FortiSwitches on which NAC policy can be applied.

    Managed FortiSwitch name from available options.

    string

    Maximum length: 79

    type

    NAC policy matching type.

    string

    Not Specified

    user

    NAC policy matching user.

    string

    Not Specified

    user-group

    NAC policy matching user group.

    string

    Not Specified

    * This parameter may not exist in some models.

    Previous
    Next