Fortinet black logo

CLI Reference

config user nac-policy

config user nac-policy

Configure NAC policy matching pattern to identify matching NAC devices.

config user nac-policy

Description: Configure NAC policy matching pattern to identify matching NAC devices.

edit <name>

set description {string}

set category [device|firewall-user|...]

set status [enable|disable]

set mac {string}

set hw-vendor {string}

set type {string}

set family {string}

set os {string}

set hw-version {string}

set sw-version {string}

set host {string}

set user {string}

set src {string}

set user-group {string}

set ems-tag {string}

set switch-fortilink {string}

set switch-group <name1>, <name2>, ...

set switch-mac-policy {string}

set firewall-address {string}

set ssid-policy {string}

next

end

config user nac-policy

Parameter

Description

Type

Size

Default

description

Description for the NAC policy matching pattern.

string

Not Specified

category

Category of NAC policy.

option

-

device

Option

Description

device

Device category.

firewall-user

Firewall user category.

ems-tag

EMS Tag category.

status

Enable/disable NAC policy.

option

-

enable

Option

Description

enable

Enable NAC policy.

disable

Disable NAC policy.

mac

NAC policy matching MAC address.

string

Not Specified

hw-vendor

NAC policy matching hardware vendor.

string

Not Specified

type

NAC policy matching type.

string

Not Specified

family

NAC policy matching family.

string

Not Specified

os

NAC policy matching operating system.

string

Not Specified

hw-version

NAC policy matching hardware version.

string

Not Specified

sw-version

NAC policy matching software version.

string

Not Specified

host

NAC policy matching host.

string

Not Specified

user

NAC policy matching user.

string

Not Specified

src

NAC policy matching source.

string

Not Specified

user-group

NAC policy matching user group.

string

Not Specified

ems-tag

NAC policy matching EMS tag.

string

Not Specified

switch-fortilink

FortiLink interface for which this NAC policy belongs to.

string

Not Specified

switch-group <name>

List of managed FortiSwitch groups on which NAC policy can be applied.

Managed FortiSwitch group name from available options.

string

Maximum length: 79

switch-mac-policy

Switch MAC policy action to be applied on the matched NAC policy.

string

Not Specified

firewall-address

Dynamic firewall address to associate MAC which match this policy.

string

Not Specified

ssid-policy

SSID policy to be applied on the matched NAC policy.

string

Not Specified

config user nac-policy

Configure NAC policy matching pattern to identify matching NAC devices.

config user nac-policy

Description: Configure NAC policy matching pattern to identify matching NAC devices.

edit <name>

set description {string}

set category [device|firewall-user|...]

set status [enable|disable]

set mac {string}

set hw-vendor {string}

set type {string}

set family {string}

set os {string}

set hw-version {string}

set sw-version {string}

set host {string}

set user {string}

set src {string}

set user-group {string}

set ems-tag {string}

set switch-fortilink {string}

set switch-group <name1>, <name2>, ...

set switch-mac-policy {string}

set firewall-address {string}

set ssid-policy {string}

next

end

config user nac-policy

Parameter

Description

Type

Size

Default

description

Description for the NAC policy matching pattern.

string

Not Specified

category

Category of NAC policy.

option

-

device

Option

Description

device

Device category.

firewall-user

Firewall user category.

ems-tag

EMS Tag category.

status

Enable/disable NAC policy.

option

-

enable

Option

Description

enable

Enable NAC policy.

disable

Disable NAC policy.

mac

NAC policy matching MAC address.

string

Not Specified

hw-vendor

NAC policy matching hardware vendor.

string

Not Specified

type

NAC policy matching type.

string

Not Specified

family

NAC policy matching family.

string

Not Specified

os

NAC policy matching operating system.

string

Not Specified

hw-version

NAC policy matching hardware version.

string

Not Specified

sw-version

NAC policy matching software version.

string

Not Specified

host

NAC policy matching host.

string

Not Specified

user

NAC policy matching user.

string

Not Specified

src

NAC policy matching source.

string

Not Specified

user-group

NAC policy matching user group.

string

Not Specified

ems-tag

NAC policy matching EMS tag.

string

Not Specified

switch-fortilink

FortiLink interface for which this NAC policy belongs to.

string

Not Specified

switch-group <name>

List of managed FortiSwitch groups on which NAC policy can be applied.

Managed FortiSwitch group name from available options.

string

Maximum length: 79

switch-mac-policy

Switch MAC policy action to be applied on the matched NAC policy.

string

Not Specified

firewall-address

Dynamic firewall address to associate MAC which match this policy.

string

Not Specified

ssid-policy

SSID policy to be applied on the matched NAC policy.

string

Not Specified