Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiIsolator 2.4.1 Administration Guide
    2.4.1
    2.4.5
    2.4.4
    2.4.3
    2.4.2
    2.4.1
    2.4.0
    2.3.4
    2.3.1
    2.3.0
    2.2.0
    2.1.2
    2.1.1
    2.1.0
    2.0.1
    2.0.0
    1.2.2
    1.2.1
    1.2.0
    1.1.0

    Policy

    Policy

    A policy provides a convenient way to apply a certain Isolator profile and/or Web Filter profile to local individual users or user groups. Policies are not active until they are applied.

    To create a policy from GUI:
    1. Go to Policies and Profiles > Policies and click Create New Policy.
    2. Type in a name for the policy and select the desired Isolator and/or Web Filter profiles, and/or ICAP Filter profile to be used in the policy.
    3. Specify the value for Max Session Per User, which is the maximum number of sessions (tabs) allowed for requests from a same local user.
    4. Specify the value for Max Session Per IP, which is the maximum number of sessions (tabs) allowed for requests from a unique IP address.
    5. Specify the Auth Cookie Lifetime setting, which is the number of hours after which the authorization cookie expires and the user needs to re-login. Enter an integer within the range of 1-240.
      Note

      This setting does not take effect when the user is in guest mode.

    6. Click OK to finish.
    To create a FortiIsolator policy from CLI:

    > set policy <policy-name> <isolator-profile-name> <webfilter-profile-name> <icap-profile-name> <max-session-per-user> <max-session-per-ip> <auth-cookie-lifetime>

    e.g.

    > set policy policy_new system_default webfilter_profile ICAP_profile 50 30 96

    <policy-name >

    Policy name
    <isolator-profile-name >

    Isolator profile name
    <webfilter-profile-name >

    Web Filter profile name
    <icap-profile-name >

    ICAP profile name
    <max-session-per-user>

    Maximum number of sessions (tabs) allowed for requests from a same local user
    <max-session-per-ip>

    Maximum number of sessions (tabs) allowed for requests from a unique IP address
    <auth-cookie-lifetime>

    Number of hours after which the authorization cookie expires and the user needs to re-login. This parameter accepts integers within the range of 1-240.

    Note

    This parameter does not take effect when the user is in guest mode.
    To display a FortiIsolator policy from CLI:

    > show policy

    Policy : policy_new

    Isolator Profile : system_default

    WebFilter Profile : webfilter_profile

    ICAP Profile : ICAP_profile

    Max Session Per User : 50

    Max Session Per IP : 30

    Auth Cookie Lifetime : 96

    Previous
    Next

    Policy

    Policy

    A policy provides a convenient way to apply a certain Isolator profile and/or Web Filter profile to local individual users or user groups. Policies are not active until they are applied.

    To create a policy from GUI:
    1. Go to Policies and Profiles > Policies and click Create New Policy.
    2. Type in a name for the policy and select the desired Isolator and/or Web Filter profiles, and/or ICAP Filter profile to be used in the policy.
    3. Specify the value for Max Session Per User, which is the maximum number of sessions (tabs) allowed for requests from a same local user.
    4. Specify the value for Max Session Per IP, which is the maximum number of sessions (tabs) allowed for requests from a unique IP address.
    5. Specify the Auth Cookie Lifetime setting, which is the number of hours after which the authorization cookie expires and the user needs to re-login. Enter an integer within the range of 1-240.
      Note

      This setting does not take effect when the user is in guest mode.

    6. Click OK to finish.
    To create a FortiIsolator policy from CLI:

    > set policy <policy-name> <isolator-profile-name> <webfilter-profile-name> <icap-profile-name> <max-session-per-user> <max-session-per-ip> <auth-cookie-lifetime>

    e.g.

    > set policy policy_new system_default webfilter_profile ICAP_profile 50 30 96

    <policy-name >

    Policy name
    <isolator-profile-name >

    Isolator profile name
    <webfilter-profile-name >

    Web Filter profile name
    <icap-profile-name >

    ICAP profile name
    <max-session-per-user>

    Maximum number of sessions (tabs) allowed for requests from a same local user
    <max-session-per-ip>

    Maximum number of sessions (tabs) allowed for requests from a unique IP address
    <auth-cookie-lifetime>

    Number of hours after which the authorization cookie expires and the user needs to re-login. This parameter accepts integers within the range of 1-240.

    Note

    This parameter does not take effect when the user is in guest mode.
    To display a FortiIsolator policy from CLI:

    > show policy

    Policy : policy_new

    Isolator Profile : system_default

    WebFilter Profile : webfilter_profile

    ICAP Profile : ICAP_profile

    Max Session Per User : 50

    Max Session Per IP : 30

    Auth Cookie Lifetime : 96

    Previous
    Next