Fortinet black logo

Administration Guide

Home FortiIsolator 2.4.4 Administration Guide
2.4.4
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.4
2.3.1
2.3.0
2.2.0
2.1.2
2.1.1
2.1.0
2.0.1
2.0.0
1.2.2
1.2.1
1.2.0
1.1.0

Policy

Policy

A policy provides a convenient way to apply a certain Isolator profile and/or Web Filter profile to local individual users or user groups. Policies are not active until they are applied.

To create a policy from GUI:
  1. Go to Policies and Profiles > Policies and click Create New Policy.
  2. Type in a name for the policy and select the desired Isolator and/or Web Filter profiles, and/or ICAP Filter profile to be used in the policy.
  3. Specify the value for Max Session Per User, which is the maximum number of sessions (tabs) allowed for requests from a same local user.
  4. Specify the value for Max Session Per IP, which is the maximum number of sessions (tabs) allowed for requests from a unique IP address.
  5. Specify the Auth Cookie Lifetime setting, which is the number of hours after which the authorization cookie expires and the user needs to re-login. Enter an integer within the range of 1-240.
    Note

    This setting does not take effect when the user is in guest mode.

  6. Click OK to finish.
To create a FortiIsolator policy from CLI:

> set policy <policy-name> <isolator-profile-name> <webfilter-profile-name> <icap-profile-name> <max-session-per-user> <max-session-per-ip> <auth-cookie-lifetime>

e.g.

> set policy policy_new system_default webfilter_profile ICAP_profile 50 30 96

<policy-name >

Policy name
<isolator-profile-name >

Isolator profile name
<webfilter-profile-name >

Web Filter profile name
<icap-profile-name >

ICAP profile name
<max-session-per-user>

Maximum number of sessions (tabs) allowed for requests from a same local user
<max-session-per-ip>

Maximum number of sessions (tabs) allowed for requests from a unique IP address
<auth-cookie-lifetime>

Number of hours after which the authorization cookie expires and the user needs to re-login. This parameter accepts integers within the range of 1-240.

Note

This parameter does not take effect when the user is in guest mode.
To display a FortiIsolator policy from CLI:

> show policy

Policy : policy_new

Isolator Profile : system_default

WebFilter Profile : webfilter_profile

ICAP Profile : ICAP_profile

Max Session Per User : 50

Max Session Per IP : 30

Auth Cookie Lifetime : 96

Previous
Next

Policy

A policy provides a convenient way to apply a certain Isolator profile and/or Web Filter profile to local individual users or user groups. Policies are not active until they are applied.

To create a policy from GUI:
  1. Go to Policies and Profiles > Policies and click Create New Policy.
  2. Type in a name for the policy and select the desired Isolator and/or Web Filter profiles, and/or ICAP Filter profile to be used in the policy.
  3. Specify the value for Max Session Per User, which is the maximum number of sessions (tabs) allowed for requests from a same local user.
  4. Specify the value for Max Session Per IP, which is the maximum number of sessions (tabs) allowed for requests from a unique IP address.
  5. Specify the Auth Cookie Lifetime setting, which is the number of hours after which the authorization cookie expires and the user needs to re-login. Enter an integer within the range of 1-240.
    Note

    This setting does not take effect when the user is in guest mode.

  6. Click OK to finish.
To create a FortiIsolator policy from CLI:

> set policy <policy-name> <isolator-profile-name> <webfilter-profile-name> <icap-profile-name> <max-session-per-user> <max-session-per-ip> <auth-cookie-lifetime>

e.g.

> set policy policy_new system_default webfilter_profile ICAP_profile 50 30 96

<policy-name >

Policy name
<isolator-profile-name >

Isolator profile name
<webfilter-profile-name >

Web Filter profile name
<icap-profile-name >

ICAP profile name
<max-session-per-user>

Maximum number of sessions (tabs) allowed for requests from a same local user
<max-session-per-ip>

Maximum number of sessions (tabs) allowed for requests from a unique IP address
<auth-cookie-lifetime>

Number of hours after which the authorization cookie expires and the user needs to re-login. This parameter accepts integers within the range of 1-240.

Note

This parameter does not take effect when the user is in guest mode.
To display a FortiIsolator policy from CLI:

> show policy

Policy : policy_new

Isolator Profile : system_default

WebFilter Profile : webfilter_profile

ICAP Profile : ICAP_profile

Max Session Per User : 50

Max Session Per IP : 30

Auth Cookie Lifetime : 96

Previous
Next