config user nac-policy
Configure NAC policy matching pattern to identify matching NAC devices.
config user nac-policy
Description: Configure NAC policy matching pattern to identify matching NAC devices.
edit <name>
set category [device|firewall-user|...]
set description {string}
set ems-tag {string}
set family {string}
set firewall-address {string}
set fortivoice-tag {string}
set host {string}
set hw-vendor {string}
set hw-version {string}
set mac {string}
set match-period {integer}
set match-remove [default|link-down]
set match-type [dynamic|override]
set os {string}
set severity <severity-num1>, <severity-num2>, ...
set src {string}
set ssid-policy {string}
set status [enable|disable]
set sw-version {string}
set switch-fortilink {string}
set switch-group <name1>, <name2>, ...
set switch-mac-policy {string}
set type {string}
set user {string}
set user-group {string}
next
end
config user nac-policy
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
category |
Category of NAC policy. |
option |
- |
device |
||||||||||||
|
|
|
|||||||||||||||
|
description |
Description for the NAC policy matching pattern. |
string |
Maximum length: 63 |
|
||||||||||||
|
ems-tag |
NAC policy matching EMS tag. |
string |
Maximum length: 79 |
|
||||||||||||
|
family |
NAC policy matching family. |
string |
Maximum length: 31 |
|
||||||||||||
|
firewall-address * |
Dynamic firewall address to associate MAC which match this policy. |
string |
Maximum length: 79 |
|
||||||||||||
|
fortivoice-tag |
NAC policy matching FortiVoice tag. |
string |
Maximum length: 79 |
|
||||||||||||
|
host |
NAC policy matching host. |
string |
Maximum length: 64 |
|
||||||||||||
|
hw-vendor |
NAC policy matching hardware vendor. |
string |
Maximum length: 15 |
|
||||||||||||
|
hw-version |
NAC policy matching hardware version. |
string |
Maximum length: 15 |
|
||||||||||||
|
mac |
NAC policy matching MAC address. |
string |
Maximum length: 17 |
|
||||||||||||
|
match-period |
Number of days the matched devices will be retained (0 - always retain) |
integer |
Minimum value: 0 Maximum value: 120 |
0 |
||||||||||||
|
match-remove |
Options to remove the matched override devices. |
option |
- |
default |
||||||||||||
|
|
|
|||||||||||||||
|
match-type |
Match and retain the devices based on the type. |
option |
- |
dynamic |
||||||||||||
|
|
|
|||||||||||||||
|
name |
NAC policy name. |
string |
Maximum length: 63 |
|
||||||||||||
|
os |
NAC policy matching operating system. |
string |
Maximum length: 31 |
|
||||||||||||
|
severity |
NAC policy matching devices vulnerability severity lists. Enter multiple severity levels, where 0 = Info, 1 = Low, ..., 4 = Critical |
integer |
Minimum value: 0 Maximum value: 4 |
|
||||||||||||
|
src |
NAC policy matching source. |
string |
Maximum length: 15 |
|
||||||||||||
|
ssid-policy |
SSID policy to be applied on the matched NAC policy. |
string |
Maximum length: 35 |
|
||||||||||||
|
status |
Enable/disable NAC policy. |
option |
- |
enable |
||||||||||||
|
|
|
|||||||||||||||
|
sw-version |
NAC policy matching software version. |
string |
Maximum length: 15 |
|
||||||||||||
|
switch-fortilink * |
FortiLink interface for which this NAC policy belongs to. |
string |
Maximum length: 15 |
|
||||||||||||
|
switch-group |
List of managed FortiSwitch groups on which NAC policy can be applied. Managed FortiSwitch group name from available options. |
string |
Maximum length: 79 |
|
||||||||||||
|
switch-mac-policy * |
Switch MAC policy action to be applied on the matched NAC policy. |
string |
Maximum length: 63 |
|
||||||||||||
|
type |
NAC policy matching type. |
string |
Maximum length: 15 |
|
||||||||||||
|
user |
NAC policy matching user. |
string |
Maximum length: 64 |
|
||||||||||||
|
user-group |
NAC policy matching user group. |
string |
Maximum length: 35 |
|
||||||||||||
* This parameter may not exist in some models.