CLI Reference

config user nac-policy

Configure NAC policy matching pattern to identify matching NAC devices.

config user nac-policy
    Description: Configure NAC policy matching pattern to identify matching NAC devices.
    edit <name>
        set category [device|firewall-user|...]
        set description {string}
        set ems-tag {string}
        set family {string}
        set firewall-address {string}
        set host {string}
        set hw-vendor {string}
        set hw-version {string}
        set mac {string}
        set os {string}
        set severity <severity-num1>, <severity-num2>, ...
        set src {string}
        set ssid-policy {string}
        set status [enable|disable]
        set sw-version {string}
        set switch-fortilink {string}
        set switch-group <name1>, <name2>, ...
        set switch-mac-policy {string}
        set type {string}
        set user {string}
        set user-group {string}
    next
end

config user nac-policy

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| category | Category of NAC policy. Options: device (Device category), firewall-user (Firewall user category), ems-tag (EMS Tag category), vulnerability (Vulnerability category). | option | - | device |
| description | Description for the NAC policy matching pattern. | string | Maximum length: 63 | |
| ems-tag | NAC policy matching EMS tag. | string | Maximum length: 79 | |
| family | NAC policy matching family. | string | Maximum length: 31 | |
| firewall-address * | Dynamic firewall address with which to associate MAC addresses that match this policy. | string | Maximum length: 79 | |
| host | NAC policy matching host. | string | Maximum length: 64 | |
| hw-vendor | NAC policy matching hardware vendor. | string | Maximum length: 15 | |
| hw-version | NAC policy matching hardware version. | string | Maximum length: 15 | |
| mac | NAC policy matching MAC address. | string | Maximum length: 17 | |
| name | NAC policy name. | string | Maximum length: 63 | |
| os | NAC policy matching operating system. | string | Maximum length: 31 | |
| severity <severity-num> | NAC policy matching device vulnerability severity list. Enter multiple severity levels, where 0 = Info, 1 = Low, ..., 4 = Critical. | integer | Minimum value: 0, Maximum value: 4 | |
| src | NAC policy matching source. | string | Maximum length: 15 | |
| ssid-policy | SSID policy to be applied on the matched NAC policy. | string | Maximum length: 35 | |
| status | Enable/disable NAC policy. Options: enable (Enable NAC policy), disable (Disable NAC policy). | option | - | enable |
| sw-version | NAC policy matching software version. | string | Maximum length: 15 | |
| switch-fortilink * | FortiLink interface to which this NAC policy belongs. | string | Maximum length: 15 | |
| switch-group <name> * | List of managed FortiSwitch groups on which NAC policy can be applied. Managed FortiSwitch group name from available options. | string | Maximum length: 79 | |
| switch-mac-policy * | Switch MAC policy action to be applied on the matched NAC policy. | string | Maximum length: 63 | |
| type | NAC policy matching type. | string | Maximum length: 15 | |
| user | NAC policy matching user. | string | Maximum length: 64 | |
| user-group | NAC policy matching user group. | string | Maximum length: 35 | |

* This parameter may not exist in some models.
