Create or edit a policy
- Select Policy & Objects.
- Select Portal Policy.
- Click Create New or select an existing policy and click Edit.
- Fill out the fields in accordance with the following settings:
Field
Definition
Name
Each profile must have a unique name.
Notes
User-specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC.
Configuration
Select a portal configuration from the drop-down menu. If the portal configuration you need is not shown, you must go to the portal content editor and create it before adding the Portal Policy. See Multiple portals.
User/Host profile
Select a user/host profile from the drop-down menu. If the user/host profile you need is not shown, you can create a new one by leaving the drop-down selection at "Create New" and populating the Conditions fields as desired. Likewise, a user/host profile can be copied from an existing entry by selecting it in the drop-down and changing the toggle in the Conditions section from "Use Existing" to "Clone", and then making desired edits to the fields. An existing user/host profile can also be edited from this view by clicking the pencil icon next to the entry in the drop-down.
See User/host profiles.
Creating a new UHP
The user can also create a new UHP in this view by leaving the default selection at "Create New" and populating the Conditions fields below.
Likewise, a UHP can be copied from an existing UHP by selecting it in the list, changing the toggle from "Use Existing" to "Clone", and making edits to the Conditions fields as desired. An existing UHP can also be edited from this view by clicking the pencil icon in the drop-down next to the item to be edited.
Conditions
Use Existing
Directly uses the selected user/host Profile (not editable) as is.
Clone
Copies the user/host Profile config into its own profile, allowing the user to edit the settings.
A name must be specified to uniquely identify the cloned UHP.
Who/What
Attributes
A host or user must meet all parameters within a single filter, but is only required to match one filter in the list. The attribute must be known at the time of connection. See Filter example.
RADIUS Attributes
Used to match against endpoints pre- and post-authentication.
Groups
- Any — Matches any group.
- Any Of — Matches any of the listed groups. Does not have to match everything, but has to match at least one group that has been selected.
- All Of — Has to match every group that's been selected.
- None Of — Has to match no group that's been selected.
Where
Location on the network where the host is connected. This field lists groups of ports, SSIDs or devices. Hosts are checked to determine whether they have connected to the network via one of the selected devices, ports or SSIDs. A host must connect on one of the items contained within one of the selected groups to match this profile. When set to Any, this field is a match for all hosts or users.
When
If the host is on the network during the specified time frame, it matches this profile. Time options include Always or a specific set of days of the week and times of the day.
Right-click options
Show Audit Log
Opens the admin auditing log showing all changes made to the selected item.
For information about the admin auditing log, see Audit Logs.
You must have permission to view the admin auditing log. See Add an administrator profile.
Buttons
Disable
Shuts off the policy. Settings defined in a disabled policy are not in effect.
- Click OK to save your Policy.
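The matching rules described in the Conditions fields above, modeled as an added Python example (not FortiNAC code, and not from the original page). Exact-value attribute comparison, the ANDing of Who/What, Where and When, and all sample names and values are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Optional

@dataclass
class Host:
    attributes: dict        # attributes known at connection time
    groups: set             # groups the host/user belongs to
    locations: set          # port/SSID/device groups it connected through

@dataclass
class Profile:
    filters: list = field(default_factory=list)  # list of {attribute: value} dicts
    group_mode: str = "Any"                      # Any | Any Of | All Of | None Of
    groups: set = field(default_factory=set)
    where: Optional[set] = None                  # None models "Any"
    when: Optional[tuple] = None                 # None models "Always"; else (weekdays, start, end)

def match_filters(p, h):
    # Every parameter inside one filter must match; one matching filter is enough.
    # An attribute not known at connection time can never satisfy a parameter.
    # Assumption: an empty filter list means no attribute restriction.
    return not p.filters or any(
        all(k in h.attributes and h.attributes[k] == v for k, v in f.items())
        for f in p.filters)

def match_groups(p, h):
    common = p.groups & h.groups
    return {"Any": True, "Any Of": bool(common),
            "All Of": p.groups <= h.groups, "None Of": not common}[p.group_mode]

def match_where(p, h):
    return p.where is None or bool(p.where & h.locations)

def match_when(p, now):
    if p.when is None:
        return True
    days, start, end = p.when  # weekdays use datetime's numbering, Monday = 0
    return now.weekday() in days and start <= now.time() <= end

def matches(p, h, now):
    # Assumption: the Who/What, Where and When conditions must all hold together.
    return match_filters(p, h) and match_groups(p, h) and match_where(p, h) and match_when(p, now)

# Constructed sample data (not from a real deployment).
HOST = Host({"role": "Contractor", "os": "Windows"}, {"Guests"}, {"Lobby-SSIDs"})
PROFILE = Profile(filters=[{"role": "Contractor", "os": "macOS"}, {"role": "Contractor", "os": "Windows"}],
                  group_mode="Any Of", groups={"Guests", "Vendors"}, where={"Lobby-SSIDs"},
                  when=({0, 1, 2, 3, 4}, time(8, 0), time(18, 0)))
MONDAY_10AM = datetime(2024, 1, 8, 10, 0)
SATURDAY_10AM = datetime(2024, 1, 13, 10, 0)
```

With the sample data, `matches(PROFILE, HOST, MONDAY_10AM)` is true and the same host on `SATURDAY_10AM` falls outside the When window, so a weekday-only profile leaves weekend connections to whatever other policy they match.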