Administration Guide

Home FortiIsolator 2.1.1 Administration Guide

Default policy

2.1.1

Copy Link

Copy Doc ID efbf58a2-d38c-11ea-96b9-00505692583a:86379

Download PDF

Default policy

Applying Isolator profile and Web Filter profile settings

There are several ways you can apply Isolator profile and Web Filter profile settings to end users. Isolator profiles and Web Filter profiles can be applied to the guest account, individual local user accounts, and/or local user groups.

Applying default policy and profile settings

The FortiIsolator provides Default Policy to local users and guest that do not have assigned Groups with selected policy. Default Policy is a way to apply a certain Isolator profile, Web Filter profile, and/or ICAP profile to local individual users or guest.

Applying profiles to default policy from GUI

Steps

To apply profiles to Default policy, go to Policies and Profiles > Default Policy and select the desired Guest Type. Guest Type:

Guest Disable: A user has to login with user account that was defined in Users > User Definition
Guest Enable: A user can login with either user account or as a guest
Guest Only: A user has to login as a guest

With Guest Only, the Login page will not show; users will browse sites directly without asking to go through the login page.

Select the Isolator profile, Web Filter profile, and/or ICAP Filter profile to be used in the policy.

Default Isolator Profile Name	Select an Isolator profile for Default Policy.
Default WebFilter Profile Name	Select a Web Filter profile for Default Policy.
Default ICAP Profile Name	Select an ICAP profile for Default Policy.

Click OK to finish.

Applying profiles to default policy from CLI

To apply profiles to Default Policy from CLIm follow this format:

> set guest-type 0|1|2

(disabled = 0, enabled = 1, guest-only = 2)

For example:

> set guest-type 0

> show guest-type

guest type : Disabled

> set guest-type 1

> show guest-type

guest type : Enabled

> set guest-type 2

> show guest-type

guest type : Guest Only

> set default-policy <isolator-profile-name> <wf-profile-name> <icap-profile-name>

e.g.

> set default-policy system_default webfilter_profile ICAP_profile

> show default-policy

Default Policy:

Isolator Profile : system_default

WebFilter Profile : webfilter_profile

ICAP Profile : ICAP_profile

<isolator-profile-name >	Isolator profile name
<wf profile-name >	Web Filter profile name
<icap-profile-name >	ICAP profile name

Applying profile settings to local user account

Steps

From the administration portal, go to Policies and Profiles > Policies and make sure the policy you want to apply exists. If not, create a new policy with the desired profiles.
Go to Users > User Definition. Select the user you wish to apply the profile settings to and click Edit.
From the Policy Name drop-down menu, select the policy you wish to apply to the local user
Click OK to finish.

Applying profile settings to user groups

Steps

From the administration portal, go to Policies and Profiles > Policies and make sure the policy you want to apply exists. If not, create a new policy with the desired profiles.
Go to Users > User Groups. Select the user group you wish to apply the profile settings and click Edit.
From the Policy Name drop-down menu, select the policy you wish to apply to the uesr group.
Click OK to finish.

Applying Isolator profile and Web Filter profile settings

Applying default policy and profile settings

Applying profiles to default policy from GUI

Steps

To apply profiles to Default policy, go to Policies and Profiles > Default Policy and select the desired Guest Type. Guest Type:

Guest Disable: A user has to login with user account that was defined in Users > User Definition
Guest Enable: A user can login with either user account or as a guest
Guest Only: A user has to login as a guest

With Guest Only, the Login page will not show; users will browse sites directly without asking to go through the login page.

Select the Isolator profile, Web Filter profile, and/or ICAP Filter profile to be used in the policy.

Default Isolator Profile Name	Select an Isolator profile for Default Policy.
Default WebFilter Profile Name	Select a Web Filter profile for Default Policy.
Default ICAP Profile Name	Select an ICAP profile for Default Policy.

Click OK to finish.

Applying profiles to default policy from CLI

To apply profiles to Default Policy from CLIm follow this format:

> set guest-type 0|1|2

(disabled = 0, enabled = 1, guest-only = 2)

For example:

> set guest-type 0

> show guest-type

guest type : Disabled

> set guest-type 1

> show guest-type

guest type : Enabled

> set guest-type 2

> show guest-type

guest type : Guest Only

> set default-policy <isolator-profile-name> <wf-profile-name> <icap-profile-name>

e.g.

> set default-policy system_default webfilter_profile ICAP_profile

> show default-policy

Default Policy:

Isolator Profile : system_default

WebFilter Profile : webfilter_profile

ICAP Profile : ICAP_profile

<isolator-profile-name >	Isolator profile name
<wf profile-name >	Web Filter profile name
<icap-profile-name >	ICAP profile name

Applying profile settings to local user account

Steps

From the administration portal, go to Policies and Profiles > Policies and make sure the policy you want to apply exists. If not, create a new policy with the desired profiles.
Go to Users > User Definition. Select the user you wish to apply the profile settings to and click Edit.
From the Policy Name drop-down menu, select the policy you wish to apply to the local user
Click OK to finish.

Applying profile settings to user groups

Steps

From the administration portal, go to Policies and Profiles > Policies and make sure the policy you want to apply exists. If not, create a new policy with the desired profiles.
Go to Users > User Groups. Select the user group you wish to apply the profile settings and click Edit.
From the Policy Name drop-down menu, select the policy you wish to apply to the uesr group.
Click OK to finish.